General
-
Target
INV-9004346.exe
-
Size
22KB
-
Sample
221219-ev4rvaeb95
-
MD5
f78fe63bb226cb00b24abe4062540c7e
-
SHA1
6046e196a18741e553e0740ae1763ef09d09cc73
-
SHA256
1e71db7db4c1e84c646c8abc4952f6dd56b5e2a080284c13cf56eaf7a841bda3
-
SHA512
33bbdc20088250144428af74e7c5b3afaf650073ef19bd5fe3f1ca3d903c1467fd347dd32e7fb5402e2be5e04cf4bbef2badaa567dc3d70ac16668cfab872c2b
-
SSDEEP
384:kEYZXiPLEckJBJfP7sqJBi9/utD4Y+rqzIGpygSubqfYtZWHHuxH:kEYZXWSP7sqJk9/utD4Y+OzHpy3WquZv
Static task
static1
Behavioral task
behavioral1
Sample
INV-9004346.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
INV-9004346.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
netwire
5.230.73.39:3637
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Toolx
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INV-9004346.exe
Score
10/10
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-