General
-
Target
99e8dfa23cef1d5d67c765df3de3bc6e750a2d8fa4628a9442d08fc40aaaa656
-
Size
1.1MB
-
Sample
221223-e14n2aba3t
-
MD5
1804fd17264130f722df702777fa9e9c
-
SHA1
891e8e84555f3fc08bff5e9ba5dc128685c87b40
-
SHA256
99e8dfa23cef1d5d67c765df3de3bc6e750a2d8fa4628a9442d08fc40aaaa656
-
SHA512
f42284f772dd71d4cf2b5f218d4e8e1d4182e6ebd87f99ed6a8b9cd50f8f9d523cef8f690b8d0d32417a48ac66a59ae58945c790a25d4114e71f1fd6aa0bbdc1
-
SSDEEP
24576:M1e+jU7dnjEYRhOmqZWavp3Nbl9zHH80m:MY+jU7eYRhbqnL
Static task
static1
Malware Config
Extracted
netwire
reportss.duckdns.org:4411
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
99e8dfa23cef1d5d67c765df3de3bc6e750a2d8fa4628a9442d08fc40aaaa656
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-