General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://198.23.172.90/PO_6733.exe
Resource
win7-20220812-en
windows7-x64
7 signatures
150 seconds
Malware Config
Extracted
Family
netwire
C2
212.193.30.230:3363
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@2
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
NetWire RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-