General
-
Target
d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
-
Size
8KB
-
Sample
230123-xhl1daeg57
-
MD5
46185d648b66380eb3fa3cdea9146d77
-
SHA1
1f253b466688771c9f8d2f67b52fa9e39bfc9329
-
SHA256
d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
-
SHA512
656d9ad3a1aef82b6645318f5e7312379349347c143686e407c2191035acfafed1adfd970eb7f6907032ed95e70b206b1d6da42424e648665d7b03f5edf2d42b
-
SSDEEP
96:/T978DaGTTNuPONQsAYAlcQf1cEXwr0iG0+k/xS7Zr74bFnU:xHGNuaspcEXz0j/klrN
Static task
static1
Malware Config
Extracted
netwire
212.193.30.230:3363
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@2
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
-
Size
8KB
-
MD5
46185d648b66380eb3fa3cdea9146d77
-
SHA1
1f253b466688771c9f8d2f67b52fa9e39bfc9329
-
SHA256
d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
-
SHA512
656d9ad3a1aef82b6645318f5e7312379349347c143686e407c2191035acfafed1adfd970eb7f6907032ed95e70b206b1d6da42424e648665d7b03f5edf2d42b
-
SSDEEP
96:/T978DaGTTNuPONQsAYAlcQf1cEXwr0iG0+k/xS7Zr74bFnU:xHGNuaspcEXz0j/klrN
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-