General
-
Target
invoice89938.exe
-
Size
875KB
-
Sample
230128-y3q1hagb97
-
MD5
30de906d4955a6863bc9b45602a5ed3c
-
SHA1
74659c613ad6dde0cdb47ea69bc737c48e443bea
-
SHA256
868ec037a1d8de69e0b32853f957d2b9329877fa0b1d99c0fdb07952c61fd6c2
-
SHA512
8061466839701f69dfbdefc3ee0573c3126c91621894c37a53a5b91a02c1ef4476d39da4e8743189da9e43ef5ae8941724f7f3cfb09efa7079025b526b439687
-
SSDEEP
12288:BErIIoMZAYCu9gpDLoQV7EvknemE0IvyNnJV4ilzP3X:WVOKSpD59Es7bIaNz4OP3X
Static task
static1
Behavioral task
behavioral1
Sample
invoice89938.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@2
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
invoice89938.exe
-
Size
875KB
-
MD5
30de906d4955a6863bc9b45602a5ed3c
-
SHA1
74659c613ad6dde0cdb47ea69bc737c48e443bea
-
SHA256
868ec037a1d8de69e0b32853f957d2b9329877fa0b1d99c0fdb07952c61fd6c2
-
SHA512
8061466839701f69dfbdefc3ee0573c3126c91621894c37a53a5b91a02c1ef4476d39da4e8743189da9e43ef5ae8941724f7f3cfb09efa7079025b526b439687
-
SSDEEP
12288:BErIIoMZAYCu9gpDLoQV7EvknemE0IvyNnJV4ilzP3X:WVOKSpD59Es7bIaNz4OP3X
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-