General
-
Target
INV8837829937882.exe
-
Size
1.1MB
-
Sample
230102-j69vfsdg36
-
MD5
37061058b0188a77b2492b4ebe4acbc1
-
SHA1
80e5c1bed3c054c09347eaccbdd512ffb00bfda3
-
SHA256
1ed8cb502d5dd2c3d8b932309b41ff1e3c5c3490c03dd59a8d1f41311419ea0c
-
SHA512
73d6ee6445babb20579a934294d4718273f1b1317a44d3eb7ca61660c2604ba3c359d7354330ccf5c9d8f052c6db486e30e4f5e0d0fdfdbf63cc66733b4e5453
-
SSDEEP
24576:QR2nAq2eV/MV66JPi9CvkOU3ErRfdCOrq0zPn0MBxysXzWho:QR2p2eVp6JPi9Cv12E1lH0MBxnzWu
Static task
static1
Behavioral task
behavioral1
Sample
INV8837829937882.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
reportss.duckdns.org:4411
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INV8837829937882.exe
-
Size
1.1MB
-
MD5
37061058b0188a77b2492b4ebe4acbc1
-
SHA1
80e5c1bed3c054c09347eaccbdd512ffb00bfda3
-
SHA256
1ed8cb502d5dd2c3d8b932309b41ff1e3c5c3490c03dd59a8d1f41311419ea0c
-
SHA512
73d6ee6445babb20579a934294d4718273f1b1317a44d3eb7ca61660c2604ba3c359d7354330ccf5c9d8f052c6db486e30e4f5e0d0fdfdbf63cc66733b4e5453
-
SSDEEP
24576:QR2nAq2eV/MV66JPi9CvkOU3ErRfdCOrq0zPn0MBxysXzWho:QR2p2eVp6JPi9Cv12E1lH0MBxnzWu
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-