General
-
Target
cd2b16aec722d55b072de033569b72c8050b95682306283b0cdd066f3b6a5384
-
Size
317KB
-
Sample
221020-f1yy8affbl
-
MD5
7353f4bd65efc964b1a03e5c0db16a00
-
SHA1
0a2b0907de135d0501c739684c9c38d784423323
-
SHA256
cd2b16aec722d55b072de033569b72c8050b95682306283b0cdd066f3b6a5384
-
SHA512
e2d89b415af07ccc2cce86809749f8723338fcaac979639b72095bd9d8d378736a05781aef7bff4e4c16549fb0e8adcdb779ede04d3304fd14c66de8b7853190
-
SSDEEP
6144:XB2C2wKjhNXXQxJqdrIW7lWP/zUNedm1sS:XB2C2wKXQnqd7YPrg1
Static task
static1
Behavioral task
behavioral1
Sample
cd2b16aec722d55b072de033569b72c8050b95682306283b0cdd066f3b6a5384.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
cd2b16aec722d55b072de033569b72c8050b95682306283b0cdd066f3b6a5384
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-