General
-
Target
bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970
-
Size
779KB
-
Sample
221029-f7zjbsdedk
-
MD5
d1822b2bd8c78299a0d9b89548800861
-
SHA1
9e04cf773926d88d69d617289a3d413c915a1447
-
SHA256
bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970
-
SHA512
8e4f805c2ff1ba145f1544d3c68b8af834ce557aba1a43d6fb6622cfdae259bec7a65f4a7edb889a2c600c5b838456032f1e40d0c44da48088d56fef9b537e9f
-
SSDEEP
12288:QK2mhAMJ/cPlZZbsRcrjztWwctzEDwU4FhTtcc68h7UHy5y+TS4SMQaD/FYkSZQI:N2O/GlZZSc/zcwSQ94j97Aml9SZW73cF
Static task
static1
Behavioral task
behavioral1
Sample
bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-