General
Target: RE-ORDER 0738073583 2022.IMG
Size: 1.3MB
Sample: 221123-b1kz5sbb7s
MD5: 96f1980b0db6d568a206ab9a20d9b2cc
SHA1: 8551485c7b4282f0cc7ca9bf4418f87547f8fc68
SHA256: 9e3826600f72e2a5bcea58609e3aec6724d38527c979f119e863a60819067793
SHA512: 4c4c64e9096059cbc221ffe461d0c6b6afc67fe66a393df511bfd42de297e3d4346e4fd5b9955de6233f65414a44e7b412a6367c8054ad136b6c0a52f87f6eb8
SSDEEP: 12288:CAdq9V5fIv6ALGXzOx/Ps7fdCg8gg7Xgv0VIngcpCYrN:CAs9HIv6UGjOZPm89Lgv0VIgICQ
Static task: static1
Behavioral task: behavioral1
Sample: RE_ORDER.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
79.134.225.121:2210
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: Elibee88
registry_autorun: false
use_mutex: false
Targets
Target: RE_ORDER.EXE
Size: 773KB
MD5: 44e57ffe7df36c98a6577f620ca10b03
SHA1: fe779db3e12a96b6c7ed72ccb803b610180f64a6
SHA256: b1c36240effced3001500a115e71328faf0136490f67568ec382ccd97254415e
SHA512: 9297ffa2eeb68155b7993413620715b36ad5d21f20fb65ff728c72f71f1c9d6d17334e2d7684f836f4d4c71cdbf60682a8ec35623429febf15a994ae1f8c3e4d
SSDEEP: 12288:kAdq9V5fIv6ALGXzOx/Ps7fdCg8gg7Xgv0VIngcpCYrN:kAs9HIv6UGjOZPm89Lgv0VIgICQ
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Suspicious use of SetThreadContext