General
Target: Proof of Payment.exe
Size: 6KB
Sample: 221121-symjmaff44
MD5: 3016dd22c9597fbf6c14fb3161325e5d
SHA1: 81123d820807007a1d7ebf0286f02c0120f5cdc4
SHA256: 6cc138d608ee3008a55e3e771991125b411c02cd2c3c914193c2b0524f031246
SHA512: 970f27c9a5b37e425b3f4d7ba2c9552b988adadd32b2834a1cb5ffadbd3f4014823f93b100bd09d62782ad091d66e787dce5fde0647d9e535b6749dbd3ff59e8
SSDEEP: 96:dnpf7RPQOr9h1ke5B5tG8rTcZv3m+6lUOkmnASEFnU:dpTv5B5tNwFr6yTmF
Static task: static1
Behavioral task: behavioral1
Sample: Proof of Payment.exe
Resource: win7-20220812-en
Malware Config
Extracted: netwire
212.193.30.230:3363
212.193.30.230:3362
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Cantbeme@1
registry_autorun: false
use_mutex: false
Targets
Target: Proof of Payment.exe
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext