General
Target: Hesaphareketi-01.exe
Size: 963KB
Sample: 221111-g5t2hahgh4
MD5: cd8244fb08f75a12ab952b020273fe7d
SHA1: 39cfcda727747000190d45c4d252bda28cebe3ec
SHA256: 7884f466b5060a215d695117a8c588bfbff2b8d3e9c3d4334e56fa309a4c15c1
SHA512: e6b4272855d96e6b87487870137b8de474bc4867954e1fd7777fef00e7a5ce6f9ec496f9b95ef782d15bcb13d72c8e48190c4fa03a39f3c3d35bcb30f9d38388
SSDEEP: 12288:2Gg7B8/lQYuVBK91o139Hmjc6Tp6Vpt3B6PC7I0Z1M/6WkwBpZfoD9H8AdH78NY:2FV2iVJ9GjTgbPI0Zl+
Static task: static1
Behavioral task: behavioral1
Sample: Hesaphareketi-01.exe
Resource: win7-20220812-en
Malware Config
Extracted family: netwire
C2: podzeye2.duckdns.org:4433
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
- NetWire RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext