General
Target: SecuriteInfo.com.Win32.RATX-gen.8711.15068
Size: 715KB
Sample: 230105-kjx3taeh6s
MD5: 14a8ed4f4d833c20f775d254eb751f2d
SHA1: 5c3282c4b919fb7d5a84a8026233fe358de5a022
SHA256: b3cd1a80df7ae1654da07a03006781c83240814dd6d99db27f1733ed8267661c
SHA512: 5210cffe7b9b7fb2fa884a71ee599c9305df08270ffc766afa8a409fff9eab5597bd1c677312e8afb0c27caf0966e416e653b5d20b738aadece91e292de14f18
SSDEEP: 12288:9zJs9gjEzcfWT+9FOcfx1HsAYaZAtpuxHJNp7lbheaiA/yQRq9CLQrx99s2z:U35Mx3Ya8ApbPeoyN9CWTs2
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.RATX-gen.8711.exe
Resource: win7-20220812-en
Malware Config
Extracted: netwire
212.193.30.230:7324
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: Password123
registry_autorun: false
use_mutex: false
Targets
Target: SecuriteInfo.com.Win32.RATX-gen.8711.15068
Size: 715KB
MD5: 14a8ed4f4d833c20f775d254eb751f2d
SHA1: 5c3282c4b919fb7d5a84a8026233fe358de5a022
SHA256: b3cd1a80df7ae1654da07a03006781c83240814dd6d99db27f1733ed8267661c
SHA512: 5210cffe7b9b7fb2fa884a71ee599c9305df08270ffc766afa8a409fff9eab5597bd1c677312e8afb0c27caf0966e416e653b5d20b738aadece91e292de14f18
SSDEEP: 12288:9zJs9gjEzcfWT+9FOcfx1HsAYaZAtpuxHJNp7lbheaiA/yQRq9CLQrx99s2z:U35Mx3Ya8ApbPeoyN9CWTs2
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext