General
-
Target
GBO -590 ORDER.exe
-
Size
833KB
-
Sample
230105-hjmkzaef2y
-
MD5
1a9ce8f81c2b5e3dbd4de1681975f1e1
-
SHA1
1e5ec9bf8bb045caa2c9e1090444d8b5a07fa19b
-
SHA256
de1dca28f32c8367c84d51ae14b26c4432f91e0845dc0db65fdb4ccb7eefbcb0
-
SHA512
5aa435dbee766fe7395cb58f5e3ff1f2795b9348e7f7706e494e1a848715132ef99ad77aaef9b8c5f0408a37e34651d37ea75674576a37b61e5336f89dea7fe5
-
SSDEEP
12288:yf0bR6AbG9g+ULV7/yCabiYgONmRyUVzgMl79f7y7m:o0bVa9ALFy5eOERyUWq7NyK
Static task
static1
Behavioral task
behavioral1
Sample
GBO -590 ORDER.exe
Resource
win7-20221111-en
Malware Config
Extracted
netwire
212.193.30.230:7324
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password123
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
GBO -590 ORDER.exe
-
Size
833KB
-
MD5
1a9ce8f81c2b5e3dbd4de1681975f1e1
-
SHA1
1e5ec9bf8bb045caa2c9e1090444d8b5a07fa19b
-
SHA256
de1dca28f32c8367c84d51ae14b26c4432f91e0845dc0db65fdb4ccb7eefbcb0
-
SHA512
5aa435dbee766fe7395cb58f5e3ff1f2795b9348e7f7706e494e1a848715132ef99ad77aaef9b8c5f0408a37e34651d37ea75674576a37b61e5336f89dea7fe5
-
SSDEEP
12288:yf0bR6AbG9g+ULV7/yCabiYgONmRyUVzgMl79f7y7m:o0bVa9ALFy5eOERyUWq7NyK
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-