General
Target: 59c40f93040678f5340c707b6e5f50005821f6141d4db337d8b4b04405779d31
Size: 356KB
Sample: 220520-z9e29adfc2
MD5: ef08c05c6a5b07052db69ea5c69ecfa4
SHA1: fd3e69026e6de2476d807143026a341cc34f9d4d
SHA256: 59c40f93040678f5340c707b6e5f50005821f6141d4db337d8b4b04405779d31
SHA512: 66508a46e5b4424a5e280d220a0075f4501d0bf76a2e236b713aa0ebc5d8a3f82822bbe2a782bce2ce8756454c4c11019c315d796d0ebd6750ab0f38b198334c
Static task: static1
Behavioral task: behavioral1
  Sample: 59c40f93040678f5340c707b6e5f50005821f6141d4db337d8b4b04405779d31.exe
  Resource: win7-20220414-en
Malware Config
Targets
Target: 59c40f93040678f5340c707b6e5f50005821f6141d4db337d8b4b04405779d31
NetWire RAT payload
Executes dropped EXE
Modifies Installed Components in the registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext