General
-
Target
9fc49863c7226d428886386cbf707f4ef4a592c2ecc8549fe8206da18d3a8d4c
-
Size
941KB
-
Sample
221029-p5xrdsgbh2
-
MD5
de8b5bf85996fdf042f003dbf666f127
-
SHA1
69f502f7da3c50371aa65fcfc491c1dd9e8a1af4
-
SHA256
9fc49863c7226d428886386cbf707f4ef4a592c2ecc8549fe8206da18d3a8d4c
-
SHA512
b6372a6d318f4bdb1e979730a0931b6adc11f99ac05fb4b9dc6d02a588bb85b093a8a2621a352defef9651e065b5565bc6939bdd357806ccde08390cd8cc5801
-
SSDEEP
12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaylegnRSN5i6A:+tb20pkaCqT5TBWgNQ7acegm5i6A
Static task
static1
Behavioral task
behavioral1
Sample
9fc49863c7226d428886386cbf707f4ef4a592c2ecc8549fe8206da18d3a8d4c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9fc49863c7226d428886386cbf707f4ef4a592c2ecc8549fe8206da18d3a8d4c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
9fc49863c7226d428886386cbf707f4ef4a592c2ecc8549fe8206da18d3a8d4c
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-