General
Target: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
Size: 160KB
Sample: 230213-1f26csfg9v
MD5: 0f9a0f87d345043fe299242869d0bd40
SHA1: 9daec976b7832eb7d07aeb63dba737a3aec0e159
SHA256: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f
SHA512: fe767e65698df5d7c7a4e43b5740591be82020eb854acbc21ad880625e589ed5faaf1d9833bf2d2454e0711abc21f32196c4e78fb09905558dfd98757d574d8d
SSDEEP: 3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvuYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/uzQqqDvFf
Behavioral task: behavioral1
Sample: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: netwire
C2: 101.99.94.212:3365
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
Size: 160KB
MD5: 0f9a0f87d345043fe299242869d0bd40
SHA1: 9daec976b7832eb7d07aeb63dba737a3aec0e159
SHA256: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f
SHA512: fe767e65698df5d7c7a4e43b5740591be82020eb854acbc21ad880625e589ed5faaf1d9833bf2d2454e0711abc21f32196c4e78fb09905558dfd98757d574d8d
SSDEEP: 3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvuYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/uzQqqDvFf
Score: 10/10
- Modifies system executable filetype association
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
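The extracted config and the behavioral signatures above give an analyst three things to hunt for on a suspected host: the C2 socket, writes into the configured keylogger directory, and the two persistence mechanisms the sandbox observed. Note that the config has registry_autorun and activex_autorun both false, yet the run still produced "Adds Run key" and "Registers COM server for autorun"; whatever component set those keys, the host-side check should cover them regardless of the config flags. The script below is an added example, not sandbox output or NetWire code: it turns the config values copied from this page into matching rules and runs them over constructed Sysmon-style events (the user name, SID, CLSID and file names are placeholders). The registry rules match on the Run/RunOnce and CLSID\...\InprocServer32|LocalServer32 paths, not on any specific value name, because the report does not give one.

```python
"""Hunting helper derived from this NetWire report (added example, not
sandbox output). Matches constructed Sysmon-style events against the
extracted config and the two persistence signatures listed above."""
import re
from typing import Dict, List

# Copied from the Malware Config block on this page.
NETWIRE_CONFIG: Dict[str, object] = {
    "c2": "101.99.94.212:3365",
    "keylogger_dir": "%AppData%\\Logs\\",
    "host_id": "HostId-%Rand%",
    "offline_keylogger": True,
    "registry_autorun": False,   # sandbox still saw a Run key being added
    "activex_autorun": False,    # sandbox still saw a COM server registered
}

# Persistence locations behind the "Adds Run key" and "Registers COM server
# for autorun" signatures. Matched on the registry path, not on a CLSID.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
COM_SERVER_RE = re.compile(
    r"\\CLSID\\\{[0-9A-Fa-f-]+\}\\(InprocServer32|LocalServer32)", re.I)


def keylogger_dir_regex(template: str) -> "re.Pattern[str]":
    """Turn the config's %AppData%-relative directory into a path regex.
    %AppData% is the roaming profile of an unknown user, so the user name
    becomes a wildcard segment; NTFS paths are case-insensitive."""
    head, sep, tail = template.partition("%AppData%")
    if not sep:
        raise ValueError("template does not use %AppData%")
    pattern = (re.escape(head)
               + r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming"
               + re.escape(tail))
    return re.compile("^" + pattern, re.I)


def parse_event(line: str) -> Dict[str, str]:
    """'EID|Key=Value|Key=Value' -> dict (constructed Sysmon-like format)."""
    eid, *fields = line.split("|")
    event = {"EventID": eid.strip()}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def match_events(lines: List[str], config: Dict[str, object]) -> List[Dict[str, str]]:
    """Return one hit per event that matches a config- or signature-derived rule."""
    c2_ip, c2_port = str(config["c2"]).rsplit(":", 1)
    keylog_re = keylogger_dir_regex(str(config["keylogger_dir"]))
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        eid, rule = ev["EventID"], None
        if eid == "3" and ev.get("DestinationIp") == c2_ip:
            # Exact ip:port from the config is high confidence; the same IP on
            # another port is still worth a look (port may have been rotated).
            rule = ("netwire_c2_connect" if ev.get("DestinationPort") == c2_port
                    else "netwire_c2_ip_other_port")
        elif eid == "11" and keylog_re.search(ev.get("TargetFilename", "")):
            rule = "netwire_keylogger_dir_write"
        elif eid in ("12", "13") and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            rule = "run_key_persistence"
        elif eid in ("12", "13") and COM_SERVER_RE.search(ev.get("TargetObject", "")):
            rule = "com_server_persistence"
        if rule:
            hits.append({"rule": rule, "image": ev.get("Image", ""), "event": line})
    return hits


# Constructed events (not from the sandbox run): user, paths, SID and CLSID are
# placeholders. The last two lines are negatives the rules must not fire on.
SAMPLE_EVENTS = r"""
3|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|DestinationIp=101.99.94.212|DestinationPort=3365
11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Users\victim\AppData\Roaming\Logs\20230213.dat
13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Host|Details=C:\Users\victim\AppData\Local\Temp\sample.exe
13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1-2-3-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)|Details=C:\Users\victim\AppData\Local\Temp\sample.dll
3|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|DestinationIp=101.99.94.212|DestinationPort=80
3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=93.184.216.34|DestinationPort=443
11|Image=C:\Windows\explorer.exe|TargetFilename=C:\Users\victim\AppData\Roaming\Logs2\notes.txt
"""

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS.strip().splitlines(), NETWIRE_CONFIG):
        print(f"{hit['rule']:<30} {hit['image']}")
```

Run stand-alone it prints one line per hit; on real data, feed it Sysmon events 3, 11, 12 and 13 rendered in the same `EID|Key=Value` form. The keylogger-directory rule deliberately requires the trailing backslash from the config, so a sibling directory such as `Logs2` does not match.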