General
-
Target
SV0092837728-2022.exe
-
Size
869KB
-
Sample
221219-y95r8sbb8v
-
MD5
e38953a7f1d52241b24754417c93bc30
-
SHA1
963dacab1dab109ca641fcede8dfd0f664535c19
-
SHA256
5de69c92fae7533c1138668cc12a7265cab882ba72c189b895731ec8269d6512
-
SHA512
36ba8ef37bf0898d1c3619a7b829f2629b3933aff0f933d6608d4120dd51e25bf73e2702c6592a8630ebd77890d715b6479f61e8bef5fd0a7105aea37ecea62d
-
SSDEEP
12288:9wlQKmomPZefUtvnQxdMjUDR7FlN1k4QB6YullyyO5M9+UnaoPtqvyuH/:XomxiUtQPb/lTkHSlbOa5aoQFf
Static task
static1
Behavioral task
behavioral1
Sample
SV0092837728-2022.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
podzeye2.duckdns.org:4433
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SV0092837728-2022.exe
-
Size
869KB
-
MD5
e38953a7f1d52241b24754417c93bc30
-
SHA1
963dacab1dab109ca641fcede8dfd0f664535c19
-
SHA256
5de69c92fae7533c1138668cc12a7265cab882ba72c189b895731ec8269d6512
-
SHA512
36ba8ef37bf0898d1c3619a7b829f2629b3933aff0f933d6608d4120dd51e25bf73e2702c6592a8630ebd77890d715b6479f61e8bef5fd0a7105aea37ecea62d
-
SSDEEP
12288:9wlQKmomPZefUtvnQxdMjUDR7FlN1k4QB6YullyyO5M9+UnaoPtqvyuH/:XomxiUtQPb/lTkHSlbOa5aoQFf
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-