General
Target: Proof of Payment.exe
Size: 877KB
Sample: 221112-z82jvshf59
MD5: 1eaf48539b671bc8ba206d8ceeb3952e
SHA1: f007edf43a655309ca415c6451d95c20cd80ed47
SHA256: fe7f4532e262c755c8d9b5cfda2e56bbe4ec4c53d4ec492cd26ae599065b8956
SHA512: ee410c83b2e8d3ead4f16fceaae27a93bbe50991dec6e62093d4146340300d662b39d956135dc8e9e172251c2494b4589dc80c1839e7df727fee2dfca54c0486
SSDEEP: 24576:HmsmYmsmSvzeda9HSCFvuAadyxpliRMb+3io3F93B:HmsmYmsm8vHXFGAadyEmb+SoV9
Static task
static1
Behavioral task
behavioral1
Sample
Proof of Payment.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-