General
-
Target
yRuwcim7PXjssd6.exe
-
Size
748KB
-
Sample
221102-tehl1aaag8
-
MD5
612e64600d10219b8eb801b2b60835ee
-
SHA1
7ad4a1c01ee74a96dfc618cba25dbd3cf3a072d6
-
SHA256
e4029ef5d391b9a380ed98a45f3e5a01eece6b7a1120ab17d6db0f8bb1309a47
-
SHA512
0b4c9712abd9d810e7862a9144505f89c305f34fbbd9e6340f8a8e7d413cda5918a98adbc1a773c397c88d08603bfa53d3e6adc6f167ed077242d7d2d13097cc
-
SSDEEP
12288:llvXId+2ouHH1JJ2iNXu2iN2kejwFGfzPTFbLddxDd9eBQIWgAhgwzzgiupOd:vq+Vu1j1A1UeGVrgXGzgiu8
Static task
static1
Behavioral task
behavioral1
Sample
yRuwcim7PXjssd6.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
yRuwcim7PXjssd6.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-