General
  Target: INV00288383-226382.exe
  Size: 884KB
  Sample: 221110-n31jtsheh3
  MD5: b2e35bd3ed056a4f2dd0798f8d0cd305
  SHA1: a6813951e1dca8df33a4d8348e5ed9365bc3d87b
  SHA256: a317414343c80367a0b5cdc91b77f1948f229fda4dbaea75b07258a2cd6a4ecd
  SHA512: 6499a5248896d311b0c6f6e5a5dc8570c0aa52e37d9d48206e7d24d035ede4b183627d3715e710f0c35db4ea93b2c31d149aa593d45b1404dbc2630ed9bb8ec1
  SSDEEP: 12288:swcqXPoC39oo3F5/W+szOmNFAVTJIMLm3AYZ3fk7urig9X/SatxTncH:QjC3io3F93VmHyBLmLZ3c7ur79X/5Bc
Static task: static1
Behavioral task: behavioral1
  Sample: INV00288383-226382.exe
  Resource: win7-20220812-en
Malware Config
  Extracted: netwire
    podzeye2.duckdns.org:4433
    activex_autorun: false
    copy_executable: false
    delete_original: false
    host_id: HostId-%Rand%
    lock_executable: false
    offline_keylogger: false
    password: Password
    registry_autorun: false
    use_mutex: false
Targets
  Target: INV00288383-226382.exe (size and hashes as listed under General above)
  - NetWire RAT payload
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Uses the VBS compiler for execution
  - Suspicious use of SetThreadContext