General
-
Target
SV0092837728-2022.7z
-
Size
754KB
-
Sample
221220-he9vpsca2s
-
MD5
3ef273c2b199c433c4eb85121025ea40
-
SHA1
1a17a981ad89fdc32efdac4bf473cd706dfc6a8c
-
SHA256
a03a689655c87f015215389098a4b06ea66fc9a519c4ac70aaa8b3d01aee4cbd
-
SHA512
a32df9d983086ba162ec69c169fdc7c054bf14ba2fce5a63afd7ae076288828150fc078fa1d3bf05ddc89df01f8fb9720d49e6f7c7f76f4f5d8d508c49d868cb
-
SSDEEP
12288:0KwRvcwthRGOdMKUXqGTls1k4bH6YWLpwyZaM9+Un222mJo9nEUlAaPH2juz5feY:lwREwzwyWvlskmKLdZ15222Fv2jE52Y
Static task
static1
Behavioral task
behavioral1
Sample
SV0092837728-2022.exe
Resource
win7-20221111-en
Malware Config
Extracted
netwire
podzeye2.duckdns.org:4433
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SV0092837728-2022.exe
-
Size
869KB
-
MD5
e38953a7f1d52241b24754417c93bc30
-
SHA1
963dacab1dab109ca641fcede8dfd0f664535c19
-
SHA256
5de69c92fae7533c1138668cc12a7265cab882ba72c189b895731ec8269d6512
-
SHA512
36ba8ef37bf0898d1c3619a7b829f2629b3933aff0f933d6608d4120dd51e25bf73e2702c6592a8630ebd77890d715b6479f61e8bef5fd0a7105aea37ecea62d
-
SSDEEP
12288:9wlQKmomPZefUtvnQxdMjUDR7FlN1k4QB6YullyyO5M9+UnaoPtqvyuH/:XomxiUtQPb/lTkHSlbOa5aoQFf
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-