General

Target: f4cb41dd766d9936b4dcbca5075ffbc1.exe
Size: 767KB
Sample: 230124-jyvessab56
MD5: f4cb41dd766d9936b4dcbca5075ffbc1
SHA1: e185a7639c26468f4fb62169b6037e2e4d99f75a
SHA256: 85e8c923778743576884ef91502873590a7d6ae7675c526fbad2418091685bc0
SHA512: c3ea0c269177205c8573662ed5b5a9b6c242e9538c66c6b72871e2bc7d107d0db686b33c2e4ba2baf59a6877a07b9c2d65b2f50535e7d2eacffaf7f2274eb03a
SSDEEP: 12288:IxEOxdueLABFT2iNUdrK6Bn4gY5FQgB4iF2bwo1ZH4OEtWv2UX+oNa:IxEO7cT1GFRn4HBkn1b3vu
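Before relying on this report for a file you hold, confirm the file really is the sample described here by recomputing the digests and comparing them with the values above. The following Python is an added example, not part of the report or of any sandbox tooling: REPORTED_DIGESTS is copied from the table above, and the empty-input digests are the standard published test vectors, used only as a constructed baseline so the demo runs without the sample.

```python
import hashlib

# Digests copied from the report above for f4cb41dd766d9936b4dcbca5075ffbc1.exe.
REPORTED_DIGESTS = {
    "md5": "f4cb41dd766d9936b4dcbca5075ffbc1",
    "sha1": "e185a7639c26468f4fb62169b6037e2e4d99f75a",
    "sha256": "85e8c923778743576884ef91502873590a7d6ae7675c526fbad2418091685bc0",
    "sha512": "c3ea0c269177205c8573662ed5b5a9b6c242e9538c66c6b72871e2bc7d107d0db686b33c2e4ba2baf59a6877a07b9c2d65b2f50535e7d2eacffaf7f2274eb03a",
}

# Published digests of the empty input; a constructed baseline for the demo only,
# standing in for a report whose sample we can recreate locally.
EMPTY_INPUT_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory blob for all four algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes, but streams the file in chunks so the whole sample
    never has to sit in memory (irrelevant for 767KB, useful for large droppers)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> list:
    """Return the (sorted) algorithm names whose digest differs from the expected
    value. An empty list means the file is byte-for-byte the reported sample;
    a partial list would mean a mis-copied digest rather than a different file,
    since a real content change alters every algorithm at once."""
    return sorted(
        name for name, value in expected.items()
        if actual.get(name, "").lower() != value.lower()
    )


def verify_sample(path: str, expected: dict = REPORTED_DIGESTS) -> list:
    """Hash a file on disk and report which reported digests it fails to match."""
    return compare_digests(digest_file(path), expected)


if __name__ == "__main__":
    # Demo on constructed input: the empty blob matches its own vectors, a single
    # appended byte breaks all four, and neither is the NetWire sample.
    print("empty vs empty:", compare_digests(digest_bytes(b""), EMPTY_INPUT_DIGESTS))
    print("one byte vs empty:", compare_digests(digest_bytes(b"\x00"), EMPTY_INPUT_DIGESTS))
    print("empty vs report:", compare_digests(digest_bytes(b""), REPORTED_DIGESTS))
```

Run `verify_sample("f4cb41dd766d9936b4dcbca5075ffbc1.exe")` on the file you actually have; anything other than an empty list means it is not this sample (or a digest was copied wrongly, if only one algorithm differs). SSDEEP is a fuzzy hash and is not a match-or-fail check; comparing it needs the ssdeep library and is left out here.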
Static task: static1
Behavioral task: behavioral1
Sample: f4cb41dd766d9936b4dcbca5075ffbc1.exe
Resource: win7-20221111-en
Malware Config

Extracted: netwire
C2 (host:port): 212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
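The extracted configuration is what a responder can act on: the C2 host and port are a network indicator, and with offline_keylogger enabled the keylogger_dir is a host artefact to look for. The following Python is an added example, not part of the report or of any sandbox product; the C2 and directory values come from the config above, while the connection-log layout, the sample records and the file paths are constructed for the demo. Assumed here, and stated as such: %AppData% expands to the default <profile>\AppData\Roaming location, so a redirected profile folder would need an extra pattern.

```python
import re

# Values taken from the extracted NetWire config above.
C2_HOST = "212.193.30.230"
C2_PORT = 3363
KEYLOGGER_DIR = "%AppData%\\Logs\\"

# %AppData% resolves to <profile>\AppData\Roaming by default (assumption noted in
# the lead-in), so match that suffix case-insensitively wherever the profile lives.
KEYLOG_DIR_RE = re.compile(r"\\AppData\\Roaming\\Logs\\", re.IGNORECASE)

# Constructed connection records in a simple "ts src_ip src_port dst_ip dst_port proto"
# layout. A real Zeek conn.log or firewall export would need its own field mapping.
SAMPLE_CONN_LOG = [
    "2023-01-24T10:00:01Z 10.0.0.12 49812 212.193.30.230 3363 tcp",
    "2023-01-24T10:00:04Z 10.0.0.12 49813 142.250.74.78 443 tcp",
    "2023-01-24T10:02:17Z 10.0.0.25 51002 212.193.30.230 8080 tcp",
    "2023-01-24T10:03:00Z 10.0.0.31 53124 10.0.0.1 53 udp",
    "malformed line",
]

# Constructed file-creation paths as an EDR or Sysmon export might report them.
SAMPLE_FILE_EVENTS = [
    r"C:\Users\alice\AppData\Roaming\Logs\notes.dat",
    r"C:\Users\alice\AppData\Local\Temp\setup.tmp",
    r"C:\Users\bob\appdata\roaming\logs\keys.txt",
    r"C:\ProgramData\Logs\app.log",
]


def parse_conn_record(line: str):
    """Parse one constructed record into a dict, or return None for anything that
    does not have exactly six fields with numeric ports."""
    fields = line.split()
    if len(fields) != 6:
        return None
    ts, src, sport, dst, dport, proto = fields
    try:
        return {"ts": ts, "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport), "proto": proto.lower()}
    except ValueError:
        return None


def classify_c2_connection(rec: dict):
    """'c2_exact' when both host and port match the config, 'c2_host_other_port'
    when only the host matches (operators do move ports), None otherwise."""
    if rec["dst"] != C2_HOST:
        return None
    return "c2_exact" if rec["dport"] == C2_PORT else "c2_host_other_port"


def find_c2_connections(lines):
    """Return (label, record) pairs for every record that touches the C2 host,
    in log order, skipping unparseable lines instead of failing on them."""
    hits = []
    for line in lines:
        rec = parse_conn_record(line)
        if rec is None:
            continue
        label = classify_c2_connection(rec)
        if label:
            hits.append((label, rec))
    return hits


def keylogger_dir_paths(paths):
    """Return paths that fall under the expanded keylogger_dir, case-insensitively."""
    return [p for p in paths if KEYLOG_DIR_RE.search(p)]


if __name__ == "__main__":
    for label, rec in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{label}: {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} ({rec['proto']})")
    for path in keylogger_dir_paths(SAMPLE_FILE_EVENTS):
        print("keylogger_dir write:", path)
```

Treat the two indicator classes differently: an exact host:port hit is a strong signal for this configuration, a hit on the host alone is worth a look but the address may host unrelated services, and a write under the keylogger directory is low fidelity on its own because other software can use the same folder name, so correlate it with the process that wrote the file.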
Targets

Target: f4cb41dd766d9936b4dcbca5075ffbc1.exe
Size: 767KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the payload runs.
Suspicious use of SetThreadContext: rewriting another thread's register context is how a loader typically redirects execution into injected code (process hollowing and similar injection techniques).