General
-
Target
221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
-
Size
136KB
-
Sample
221120-mhax1acg71
-
MD5
06cf9a05d777a08ecc04c8502fbbac30
-
SHA1
ba53dd1b24d82e372ca2ce198d13011795d15587
-
SHA256
221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
-
SHA512
4152b61e4688f9cffef6f01e4a420f630d93f900ea7131682c5ceadfbfc3bc363953e010925ccfa5c5a96ab50b3fc8bc9c54b981c2e6cfa8ebc242773cd2d013
-
SSDEEP
3072:tq/+4f56wDQlPGWm5vGIdupbixJobw5NIZ66LQ:tq//QlPGWAeIdupmxJoF66L
Static task
static1
Behavioral task
behavioral1
Sample
221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-