General
Target: 1e4a27850b6739e16df5786f16cc322042e9e6cf5734c5e213f1b2e0f93984be
Size: 187KB
Sample: 221029-h38ybafdb3
MD5: 01a713e9c0dfaaaed49ad3c77bd23b8c
SHA1: 91ae5b3f67e51a076c002a68d57450822f644836
SHA256: 1e4a27850b6739e16df5786f16cc322042e9e6cf5734c5e213f1b2e0f93984be
SHA512: d59461758a50496fa8f8aa2b0471c31210f43d333f1809e5fe7b5f37d62c607ca1b8e3fc2a030abdc2e5edd568f85b6b4a96ce0d660832d396a752a4ef89c4cc
SSDEEP: 3072:RoBYrfOh1KnnD69k9sjze6sFFUZedvaW64lfQ83VpvGaNbCvV7qSZJPfX0Li:RcJgD/9B5CZela+lX3bCt7qSZH
Static task: static1
Behavioral task: behavioral1
Sample: 1e4a27850b6739e16df5786f16cc322042e9e6cf5734c5e213f1b2e0f93984be.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 1e4a27850b6739e16df5786f16cc322042e9e6cf5734c5e213f1b2e0f93984be
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext