General
Target
1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9
Size
449KB
Sample
220521-a6bszsedbj
MD5
61fd67760b27ff651d40edd85da49e00
SHA1
31858941e2066d2246a8b98c8c64ef520c902adb
SHA256
1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9
SHA512
9b0fc7680b2c84d908e9fa82f4fd1f92ccf28a7789a7f8d34e4d7f71a970e33d3daae3e936abc29a510fd0db2f21eca0497f78f40aa9dae2f170ee24e938fdf5
Static task
static1
Behavioral task
behavioral1
Sample
detail-information.exe
Resource
win7-20220414-en
Malware Config
Targets
Target
detail-information.exe
Size
494KB
MD5
07591af2349f8ebc5789fcb0b60c7c91
SHA1
828bcdd3d1e32d2ed0b0660fc92f41a562d4d466
SHA256
b50a0ea3d467e25e9c1917668e10f70e67434e468fcecbb1d3a927a3f105dbfa
SHA512
8bc1068c0d85f62176fe8e23ec23ecbcfaa1296d379c26ff5fe7ee274c5ef7d12b7a1fec44941eca9841af17c61c5c1b3ad50739fb5d5baadd72bf2feef48ad3
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Suspicious use of SetThreadContext