General
-
Target
DF3AE349E21A4C63465FDDB69D250CBB949FF24FF8D82.exe
-
Size
600KB
-
Sample
220711-de2f4sebar
-
MD5
b695909a4b4b1aba822856cf9b5c3654
-
SHA1
2700da2718fc48ce83cd00bcb63a8c9673307e1a
-
SHA256
df3ae349e21a4c63465fddb69d250cbb949ff24ff8d82592013ab93e330519d0
-
SHA512
f44ebb1c41dd06e6cba3f9636ddee4815fb3a2ccbf94ff6a08d1843321044bfd9b3968545bceead6c6402d4a1c1d7cad54608bc6ab54de7af3de033b62c7baf3
Malware Config
Targets
-
-
Target
DF3AE349E21A4C63465FDDB69D250CBB949FF24FF8D82.exe
-
Size
600KB
-
MD5
b695909a4b4b1aba822856cf9b5c3654
-
SHA1
2700da2718fc48ce83cd00bcb63a8c9673307e1a
-
SHA256
df3ae349e21a4c63465fddb69d250cbb949ff24ff8d82592013ab93e330519d0
-
SHA512
f44ebb1c41dd06e6cba3f9636ddee4815fb3a2ccbf94ff6a08d1843321044bfd9b3968545bceead6c6402d4a1c1d7cad54608bc6ab54de7af3de033b62c7baf3
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-