General
-
Target
INV006267782.exe
-
Size
1.2MB
-
Sample
221209-np1mnsda82
-
MD5
f53b326524216118f4f997a48e1068c5
-
SHA1
7e8d597a1a97e80f4a5a80201733d061479cbc62
-
SHA256
317079c74f6bd0c49121af4d0910068aeb2858ce651db0df918950aa850570e3
-
SHA512
22b5c1cc6d61b818064199d702eccf0081290a88d4ea5c1a2b3c3b34cd0defa015ad72b23c5eda9f5a9cc76385e78b1024829b5177be74f6fd3fe9fd9072fb46
-
SSDEEP
24576:5AOcZ3ZnyNAhoE6uZ1B4tv3GKYBg7ebRYBpcfNGrifbsgqP/F1q:zyraElevX70RvgrCsgo/7q
Static task
static1
Behavioral task
behavioral1
Sample
INV006267782.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
INV006267782.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
netwire
reportss.duckdns.org:4411
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INV006267782.exe
-
Size
1.2MB
-
MD5
f53b326524216118f4f997a48e1068c5
-
SHA1
7e8d597a1a97e80f4a5a80201733d061479cbc62
-
SHA256
317079c74f6bd0c49121af4d0910068aeb2858ce651db0df918950aa850570e3
-
SHA512
22b5c1cc6d61b818064199d702eccf0081290a88d4ea5c1a2b3c3b34cd0defa015ad72b23c5eda9f5a9cc76385e78b1024829b5177be74f6fd3fe9fd9072fb46
-
SSDEEP
24576:5AOcZ3ZnyNAhoE6uZ1B4tv3GKYBg7ebRYBpcfNGrifbsgqP/F1q:zyraElevX70RvgrCsgo/7q
Score10/10-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-