General
-
Target
Niipxzvceptnltqinb.exe.bin
-
Size
7KB
-
Sample
221117-zaacqabe9y
-
MD5
828988c5e283c07b481aae790b9f1664
-
SHA1
68240ab5ec927d8ee2af027110faee0f2531c828
-
SHA256
44676f7732f4e6adfe2ba94d8e7dbaf4f6bf9d46f81118081f0f3a64f3fcb133
-
SHA512
1a40e9d93a7689a9cce3bc3255b92cc2c9456efc6ebe246dfc6d2a8abeea137cd79469e0565a785bf6f4a2b79559297cf54b1e75d521b8a4df03e4cda6fe0a8d
-
SSDEEP
192:K9OoaGuIh1pL6ktM9xyXAVxVui75HjXE55g57:K9Ooa5Ih1pLlM9QeT5b25q
Static task
static1
Behavioral task
behavioral1
Sample
Niipxzvceptnltqinb.exe
Resource
win7-20221111-en
Malware Config
Extracted
netwire
212.193.30.230:3345
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@9
-
registry_autorun
false
-
use_mutex
false
Targets
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-