General
-
Target
INQ 80469046 DBT.exe
-
Size
1001KB
-
Sample
230119-myyzrscf7z
-
MD5
84e792790474ec5d19a491b9ec553b3d
-
SHA1
25d20a249b0e1d38ecc0f368605ff39776645d1a
-
SHA256
1801a874e23097185c396dfcc625bebae49577d65a9177332b8f791810054b4e
-
SHA512
570126783e260cd4b638804cb19e27593019526f72aa0f64868dbc05a19905cedaaa27f2a40779d39297b96e973c5ef7a59b809082032c25adbf2dc6370282ba
-
SSDEEP
24576:7gPD5Nb3ewHdqoXpDLycm6AP+nYWUP4tFd8vHX6E/VhL:7gPD5Nb/Jycm62+neP4tF6360VhL
Static task
static1
Behavioral task
behavioral1
Sample
INQ 80469046 DBT.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
INQ 80469046 DBT.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:6063
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
TestLink.lnk
-
lock_executable
false
-
offline_keylogger
false
-
password
Password123@
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
INQ 80469046 DBT.exe
-
Size
1001KB
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-