General
-
Target
74fa65bdc2b30888cd6732f8ccf9c438
-
Size
397KB
-
Sample
240125-t2pzlaaga9
-
MD5
74fa65bdc2b30888cd6732f8ccf9c438
-
SHA1
a2aa0495113e0f9db4153fc087048b53fdb1e18d
-
SHA256
8c3515df37a219842450dd3fb91bbade7cf8d8ec7fe17427f37cb4b83a3a237a
-
SHA512
95048ef938c046348cf420cf9da70c30a21a1bb4bb56b507a856a224c552e4eb08acd463e574b79eeef3e9bcc374cc11fd6f7331cac239f16b84bc856ab8b4d3
-
SSDEEP
6144:mZFV6YJoVLIW91ILonX9buxDNae0rMAZZV8mS2vS+44kgQj1nKh/AY6PuqjDobEH:0T6eoVH91nnX84vS+4qQNUhqjDoIYof
Behavioral task
behavioral1
Sample
74fa65bdc2b30888cd6732f8ccf9c438.exe
Resource
win7-20231215-en
Malware Config
Extracted
netwire
155.94.198.169:9112
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
Corona-Virus
-
install_path
%AppData%\Install\offiice365.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Pounds
-
registry_autorun
true
-
startup_name
officeii365
-
use_mutex
false
Targets
-
-
Target
74fa65bdc2b30888cd6732f8ccf9c438
-
Size
397KB
-
MD5
74fa65bdc2b30888cd6732f8ccf9c438
-
SHA1
a2aa0495113e0f9db4153fc087048b53fdb1e18d
-
SHA256
8c3515df37a219842450dd3fb91bbade7cf8d8ec7fe17427f37cb4b83a3a237a
-
SHA512
95048ef938c046348cf420cf9da70c30a21a1bb4bb56b507a856a224c552e4eb08acd463e574b79eeef3e9bcc374cc11fd6f7331cac239f16b84bc856ab8b4d3
-
SSDEEP
6144:mZFV6YJoVLIW91ILonX9buxDNae0rMAZZV8mS2vS+44kgQj1nKh/AY6PuqjDobEH:0T6eoVH91nnX84vS+4qQNUhqjDoIYof
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-