General
-
Target
INV006267782.exe
-
Size
1.1MB
-
Sample
221209-mr866ada32
-
MD5
ca12f41f83b648a4839762a8b37eb79b
-
SHA1
2609ed84009ad5ef9ee2e5a72230b76b761b0851
-
SHA256
1bb72419895796c3a394f4b55f0c31959c992111803764d8167dcb6c7af3088c
-
SHA512
7fd28538ff2802c712805462fc3a1cf22c32819710b920ac47e8277384bebf7c47cfe329c714b097f06344f6f08815d7e8785f779ed21a24a8df57ca5887f15f
-
SSDEEP
24576:vfbmjDCl5l7dtY5dDPtKCcrb3zb5UYjhufS3bqpF9:CSl7Ztot+rxufSrQ
Static task
static1
Behavioral task
behavioral1
Sample
INV006267782.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
reportss.duckdns.org:4411
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INV006267782.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-