General
- Target: c3da75b39650dd66fa445a7a120b6383.exe
- Size: 1.2MB
- Sample: 220922-mpyyeabcb5
- MD5: c3da75b39650dd66fa445a7a120b6383
- SHA1: 22e7e85a8ba70a9d5e4c1cfb74365418ef5f45fe
- SHA256: 67f5ddf21cf15cefce056ddbe7bbcb3a3a7cd3551c0c1aec77360de58d820786
- SHA512: a6e6cf1b95a314bc3bf81cee1aadc3657df3d40dba3518480cbe1e121cda6dc3a8a50cc3e3f5d13188a788783db612c1b1d51d3652c92de865a2ed8ca555bac4
- SSDEEP: 24576:MAOcZXgZd9/IhSnxay31+k97w84cKSVlioyvt1qztey4Zodu:a3YSMA1+YUcKsscey4Zh
Static task: static1
Behavioral task: behavioral1
Sample: c3da75b39650dd66fa445a7a120b6383.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c3da75b39650dd66fa445a7a120b6383.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: c3da75b39650dd66fa445a7a120b6383.exe
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext