General
Target: 17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
Size: 827KB
Sample: 220520-rs584sbcfm
MD5: 03f29ca4710c10bcd05f1e07bbbb2eac
SHA1: 471c5eace5ea0811771c162206c797283722d92a
SHA256: 17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
SHA512: 98236e96cfd46c96dc818722d2efbed379c715972efab37414d15000379f10d539195b8a7f2d53a2c3628955c953aa230bdcac2cbd44ed2f444af4a398a90218

Static task: static1

Behavioral task: behavioral1
Sample: 17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008.exe
Resource: win10v2004-20220414-en

Malware Config
Targets
Score: 10/10

NetWire RAT payload

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext