General
-
Target
dbb7bd6fcc8d6536b345ad60b9a73f6347a7a3cdeeb6d70c30e3cc071bc385a9
-
Size
929KB
-
Sample
221029-qkcq6ahfdj
-
MD5
9b9168993c6917e4d22c803e5debae72
-
SHA1
8246cc5731773b5dd5b4cad5e4c9d647af5e6ab6
-
SHA256
dbb7bd6fcc8d6536b345ad60b9a73f6347a7a3cdeeb6d70c30e3cc071bc385a9
-
SHA512
27e1761af2a901da6f05220dbd9f3c77e85b53a48f5f23bcf1e59dc0a45b57f6f30fee89e96632f27c4a96c02e0f78ae04564f4ebd839103484b99dfd7281051
-
SSDEEP
12288:SK2mhAMJ/cPly0xW2/Npj8h7UZYE82Y5UKUL4n4y3Xp3SbSlQMYs:T2O/GlyEW2j47g6zwm4m53Sb21Ys
Static task
static1
Behavioral task
behavioral1
Sample
dbb7bd6fcc8d6536b345ad60b9a73f6347a7a3cdeeb6d70c30e3cc071bc385a9.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
dbb7bd6fcc8d6536b345ad60b9a73f6347a7a3cdeeb6d70c30e3cc071bc385a9
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-