General
Target: bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678
Size: 93KB
Sample: 221029-ee6lhaaea2
MD5: 5bb68067ca34e94b875b3c56e3b31e48
SHA1: b19f3c751f56ee29b5b768be227d79650b862e30
SHA256: bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678
SHA512: 452fb63eea301bb796c373ad03c4fefd35f568b3215e64674da2b6ec742ba01ad5aeea7d4088b24907ccbf97500bced4effab4dded8d35b90fcd4401ce3ba808
SSDEEP: 1536:taAa6KHHzzvPAcDGPyB+iKJB5ukReNwcGgMdPsErZRjIIe0y:+/PlDKw+PI9wcGTdPsaTf
Static task: static1
Behavioral task: behavioral1
Sample: bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe
Resource: win7-20220812-en
Malware Config
Targets
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-