General
Target: 39f4239391959ef5526d88982850bfd96cff70800fdab102aa1472c0b279f0af
Size: 1.9MB
Sample: 221130-qv7dhshb2x
MD5: b2edfeaa3ac26d6025aac0b92788ed11
SHA1: 4d6a5d91254ef3de3da4db6a399beb1fc2ede177
SHA256: 39f4239391959ef5526d88982850bfd96cff70800fdab102aa1472c0b279f0af
SHA512: 3528aebd1354a02fdd915be0e4d4b5c146114bc90763744ff8bf090ead15d5bb0a5c7bd94ff4c18b5acb669ee7ffbef3888e596c0e677ab8baf549af0c718234
SSDEEP: 12288:X0LQ8daG/UYCCsUF4oYckcQRQo1wwVigOK8USPmnZ385EuL/C6shsyE6kGMgPYzz:XIKuL/CYzOmcJs28PpnuIIdw
Static task: static1

Behavioral task: behavioral1
Sample: 39f4239391959ef5526d88982850bfd96cff70800fdab102aa1472c0b279f0af.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
alex419.duckdns.org:60622
178.239.21.185:60622

activex_autorun: false
copy_executable: true
delete_original: false
host_id: GRACE101
install_path: %AppData%\Install\file.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: NwgwuGDR
offline_keylogger: true
password: Password
registry_autorun: true
startup_name: Abobex
use_mutex: true
Targets
Target: 39f4239391959ef5526d88982850bfd96cff70800fdab102aa1472c0b279f0af
Size: 1.9MB
MD5: b2edfeaa3ac26d6025aac0b92788ed11
SHA1: 4d6a5d91254ef3de3da4db6a399beb1fc2ede177
SHA256: 39f4239391959ef5526d88982850bfd96cff70800fdab102aa1472c0b279f0af
SHA512: 3528aebd1354a02fdd915be0e4d4b5c146114bc90763744ff8bf090ead15d5bb0a5c7bd94ff4c18b5acb669ee7ffbef3888e596c0e677ab8baf549af0c718234
SSDEEP: 12288:X0LQ8daG/UYCCsUF4oYckcQRQo1wwVigOK8USPmnZ385EuL/C6shsyE6kGMgPYzz:XIKuL/CYzOmcJs28PpnuIIdw

- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext