General
Target: SecuriteInfo.com.Troj.Krypt-TF.(On.Demand).3002.6722.exe
Size: 890KB
Sample: 230120-ll2z8afd2s
MD5: 04b48402ad5185ef1565a3fb9bf1aefe
SHA1: 06ad32d4b8b1ac735077dc9e7768eb649df4cb97
SHA256: 26f3ec45fc6fe6c84d815288a447499ef507c6a8b0f3abc473bfbc69eaf20c49
SHA512: 529e8d73a20a6af6d8836c2e2c44a286c013bf333f51fbd6b08598cc02d9bf5c95eb2b9aa8fa16310ff7650a5a5ba2eaf03ed08ceed2d90b5287a0a9dad56fb5
SSDEEP: 12288:kQdIxEnJFilzPypo07HoRyvviQ4kAVyEe8SwOylum:pexEjOPy+RP5lguO9m
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Troj.Krypt-TF.(On.Demand).3002.6722.exe
Resource: win7-20221111-en
Malware Config
Extracted: netwire
212.193.30.230:3361
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Telkomsa@1991
registry_autorun: false
use_mutex: false
Targets
Target: SecuriteInfo.com.Troj.Krypt-TF.(On.Demand).3002.6722.exe
Size: 890KB
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext