General
Target: SecuriteInfo.com.Win32.PWSX-gen.21294.3900.exe
Size: 1.1MB
Sample: 221109-ltcqasfff2
MD5: cfb78cd713d80aa92ba275f06b735d50
SHA1: 7082fbbcea7765f24544aad61c5efe509ba6502e
SHA256: 63c76b6d8a6c83e113d4a72361c8df64d493339fe94503522b3f666b19aacfa2
SHA512: f684c1d9cc71e2677285502de46b3fc1c37912c9cad6f3b647ffcafe53c26df229b171b11e902fb1178f8280813ac809143448d06ea1688805efe7f175c8bd93
SSDEEP: 12288:At2PHkEXbqyYsBFMWYndz5BOX58Hh8l84VFULbCzhAEGgeIlAtityZN9u7PKeJt+:5Hk1sBG7il9FUL+4ftVZiFJd2KoJZ5
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.21294.3900.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: netwire
C2: podzeye2.duckdns.org:4433
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Every self-install and persistence option in this configuration (activex_autorun, registry_autorun, copy_executable, delete_original) is disabled, and the C2 password is left at the NetWire default "Password", so persistence on an infected host is not provided by the NetWire payload itself. The C2 is a duckdns.org dynamic DNS name whose address can be re-pointed at any time; block and hunt on the hostname and port rather than on whatever IP it resolves to today.
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.21294.3900.exe
Size: 1.1MB
Signatures
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution: spawns vbc.exe (the Visual Basic .NET compiler) as a child process, a legitimate signed binary that .NET loaders commonly use as a host for an injected payload.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step that points a suspended or hollowed process at injected code. Taken together with the previous signature, this is consistent with the NetWire payload running inside vbc.exe rather than from the original 1.1MB executable, so process-level hunting should look at vbc.exe making the 4433/tcp connection, not only at the dropped file.
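The following is an added example, not part of the sandbox report, showing how the indicators above can be turned into offline checks: the file hashes, C2 hostname and port are the report's; the key=value log format, the workstation names, the answer IPs and the byte strings are constructed for the demonstration. The file check compares every hash algorithm the report supplies, and the network check correlates DNS answers for the C2 name with later connections to the C2 port, so that a host whose lookup was cached or never logged is still caught.

```python
"""Offline IOC checks built from the indicators in this report.

Added example, not part of the sandbox output. The hashes, C2 host and port
are copied from the report; the log format, hostnames and byte strings below
are constructed for the demonstration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "cfb78cd713d80aa92ba275f06b735d50",
    "sha1": "7082fbbcea7765f24544aad61c5efe509ba6502e",
    "sha256": "63c76b6d8a6c83e113d4a72361c8df64d493339fe94503522b3f666b19aacfa2",
}
IOC_C2_HOST = "podzeye2.duckdns.org"
IOC_C2_PORT = 4433


def digests(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a byte string, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_file(data: bytes, iocs: Dict[str, str] = IOC_HASHES) -> List[str]:
    """Names of the algorithms for which `data` matches the indicator set.

    All available hashes are compared rather than SHA-256 alone: a feed may
    only carry the weaker MD5, and a match there is still worth a look.
    """
    got = digests(data)
    return [alg for alg, want in iocs.items() if got.get(alg) == want.lower()]


def norm_host(name: str) -> str:
    """Lower-case and drop the trailing dot that resolver logs often keep."""
    return name.strip().lower().rstrip(".")


# Constructed log format: "<timestamp> <kind> key=value key=value ...".
_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Tuple[str, Dict[str, str]]:
    parts = line.split(None, 2)
    if len(parts) < 3:
        return "", {}
    return parts[1], dict(_KV.findall(parts[2]))


def find_c2_activity(lines: Iterable[str], host: str = IOC_C2_HOST,
                     port: int = IOC_C2_PORT) -> Dict[str, List[str]]:
    """Correlate DNS and connection records against the C2 indicator.

    Pass 1 flags every query for the C2 name and collects the addresses it
    resolved to. Pass 2 flags TCP connections to any of those addresses on
    the C2 port; it runs over the whole log, so record order does not matter
    and a host whose lookup was cached or not logged is still caught. The
    dynamic DNS name is what is matched, never a hard-coded IP, because a
    duckdns.org record can be re-pointed at any time.
    """
    records = [parse_line(line) for line in lines]
    hits: Dict[str, List[str]] = {"dns": [], "conn": []}
    resolved: Set[str] = set()
    for kind, f in records:
        if kind == "dns" and norm_host(f.get("qname", "")) == host:
            hits["dns"].append(f.get("host", "?"))
            resolved.update(ip for ip in f.get("answer", "").split(",") if ip)
    for kind, f in records:
        if kind != "conn":
            continue
        dst_ip, _, dst_port = f.get("dst", "").rpartition(":")
        if dst_ip in resolved and dst_port == str(port):
            hits["conn"].append(f.get("host", "?"))
    return hits


# Constructed sample log: WS-31 never logs a lookup but still reaches the C2,
# and WS-17's query carries the upper-case, trailing-dot form a resolver emits.
SAMPLE_LOG = """\
2022-11-09T12:01:03Z dns host=WS-17 qname=PODZEYE2.duckdns.org. qtype=A answer=203.0.113.45
2022-11-09T12:01:05Z conn host=WS-17 src=10.0.0.17:51234 dst=203.0.113.45:4433 proto=tcp
2022-11-09T12:02:11Z dns host=WS-22 qname=www.example.com qtype=A answer=93.184.216.34
2022-11-09T12:02:12Z conn host=WS-22 src=10.0.0.22:51300 dst=93.184.216.34:443 proto=tcp
2022-11-09T12:03:40Z conn host=WS-31 src=10.0.0.31:49711 dst=203.0.113.45:4433 proto=tcp
2022-11-09T12:04:00Z conn host=WS-31 src=10.0.0.31:49712 dst=203.0.113.45:80 proto=tcp
""".splitlines()


if __name__ == "__main__":
    print("benign blob matches:", match_file(b"constructed benign content"))
    print("C2 activity:", find_c2_activity(SAMPLE_LOG))
```

Run against the constructed log, the DNS pass flags WS-17 and the connection pass flags both WS-17 and WS-31; the WS-31 connection to port 80 on the same address is deliberately not flagged because the report only attests to 4433, but on a real network that would be a second thing to pull apart. No real file can be produced here that matches the report's hashes, so `match_file` is exercised with an indicator set built from a constructed blob's own digest.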