General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.29983.31442.exe
-
Size
865KB
-
Sample
230117-g8wz9sbd85
-
MD5
ec14ff4210d167270b7eccc453bc96ee
-
SHA1
2a30b6cc2f580724fa751a74f452c775f24e4ec2
-
SHA256
f0c72caa378310037f0d9cdc0d3eb14255f242b273a030a91b3f1540876865ab
-
SHA512
3affa8deb6141e79fe33078b709eaf8d9db8c788c41c195cdd72011d56e79db794e023848024975e6fe74fb80f80c97c3cc542ab51944f5476b25861ba66496d
-
SSDEEP
12288:ULNOyo2VJG09KuNPXlguxjtU5pmcT31LoGFvxy/x/mGZgBGYotcRcX6P7G+ZwlT1:JSzy0itEHctyG0IhG
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.29983.31442.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.29983.31442.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
netwire
212.193.30.230:3363
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@2
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
false
Targets
Target
SecuriteInfo.com.Win32.PWSX-gen.29983.31442.exe
Score
10/10
-
NetWire RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-