General
Target: c30890cf168e8b2bee51789f1c6f7fc9d5f7bb293aceb33eb674d2b4aefb2b2f
Size: 858KB
Sample: 230213-ecyswaaf54
MD5: c51582aca3ed8628c84aa4e78a6d5521
SHA1: f69e5d553cd6848dc5f7de5128985beef992d98c
SHA256: c30890cf168e8b2bee51789f1c6f7fc9d5f7bb293aceb33eb674d2b4aefb2b2f
SHA512: c9dfeb3606df191870bba01c26d3d5c2c76bd2c4756d17bee0af008e537bbbe578aaaa15a553d99517dc6752fc8c5b7fb3b4f6b9cecc1210ccdf0df4541c6901
SSDEEP: 12288:H69/qA5V8TO2R+fOD1kL9p+ThiJH2ygiNUDJOgbiZU6XgS0OKPlGwZtD:qqA5VIXbKppEUZS8UAPXgVOKP9PD
Static task: static1
Behavioral task: behavioral1
Sample: c30890cf168e8b2bee51789f1c6f7fc9d5f7bb293aceb33eb674d2b4aefb2b2f.exe
Resource: win7-20220901-en
Malware Config
Extracted
netwire
212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
Targets
-
-
Target
c30890cf168e8b2bee51789f1c6f7fc9d5f7bb293aceb33eb674d2b4aefb2b2f
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-