General
-
Target
SecuriteInfo.com.Variant.Barys.51933.17281.33.exe
-
Size
791KB
-
Sample
221115-wrfdhsfb59
-
MD5
4ce9503e6cbbcc8ec8a8b3696986843f
-
SHA1
62f2a7cd9fc8b4acf6c442b246cbf34035f0b540
-
SHA256
1cc44e0f214cbf72c836dcbd1b1e67ad574bba62873f974432ee076072bf42cc
-
SHA512
f53743b7e2dd7eb88a99a01ca95ca12b4afe56892fa0fa28c3409b72cf15aedcc15c2f0966959399a2effd2b6d0b323f4ab61c66bc15ce30bec0093157127dbf
-
SSDEEP
12288:/B4XsRQQwHXOMYRIp7RNqW/1D8TkJhTUDT1+RngcpCYrNl:pQjHXO5RIp7R91+2h4DLICQl
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Barys.51933.17281.33.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
79.134.225.121:2210
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Elibee88
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SecuriteInfo.com.Variant.Barys.51933.17281.33.exe
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-