General
Target: aa63661edf36159a1d74f649cfec2c7d.exe
Size: 902KB
Sample: 230206-nfzzsadf67
MD5: aa63661edf36159a1d74f649cfec2c7d
SHA1: cc15fa8efcfb5ecdddc86b081788cfac888ce4fb
SHA256: c8a9fa4307b87bcbb0091ba8541431367cbad068a092a6a8e968e1d26aab3172
SHA512: f47d647543a928d7619211269876aa4bc0cf150078a8a9dd0d28e4e30aa648d026c3538efa71b2f1b99441371953a9729c4f9dcd8b1e1f6c5bc2d8dd5551f589
SSDEEP: 24576:JA37TnTIW2gpMxdDOZXtFccXMeaJXCrxN5IC54TWM:OPcW2txdDOZXf3Uytgi
Static task: static1
Behavioral task: behavioral1
Sample: aa63661edf36159a1d74f649cfec2c7d.exe
Resource: win7-20221111-en
Malware Config
Extracted
netwire
156.96.113.208:7201
activex_autorun: false
copy_executable: false
delete_original: false
host_id: super%
lock_executable: false
mutex: vYtHuXLf
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: aa63661edf36159a1d74f649cfec2c7d.exe
NetWire RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext