General
Target: RE-ORDER 0738073583 2022.exe
Size: 773KB
Sample: 221116-kmklwshh33
MD5: 44e57ffe7df36c98a6577f620ca10b03
SHA1: fe779db3e12a96b6c7ed72ccb803b610180f64a6
SHA256: b1c36240effced3001500a115e71328faf0136490f67568ec382ccd97254415e
SHA512: 9297ffa2eeb68155b7993413620715b36ad5d21f20fb65ff728c72f71f1c9d6d17334e2d7684f836f4d4c71cdbf60682a8ec35623429febf15a994ae1f8c3e4d
SSDEEP: 12288:kAdq9V5fIv6ALGXzOx/Ps7fdCg8gg7Xgv0VIngcpCYrN:kAs9HIv6UGjOZPm89Lgv0VIgICQ
Static task: static1
Behavioral task: behavioral1
Sample: RE-ORDER 0738073583 2022.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
79.134.225.121:2210
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: Elibee88
registry_autorun: false
use_mutex: false
Targets
Target: RE-ORDER 0738073583 2022.exe
NetWire RAT payload
Executes dropped EXE
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext