General
-
Target
0e46772713a33b1730aa103315ecb488bbc317bd79661fe121fe19eecad212d9
-
Size
153KB
-
Sample
221122-yy6kdsba61
-
MD5
7a00ed49ea7dd5fa0413eea66b92d6a9
-
SHA1
84cf9495fcada0d6a514c05ef91898ea79486afa
-
SHA256
0e46772713a33b1730aa103315ecb488bbc317bd79661fe121fe19eecad212d9
-
SHA512
8ebb6cad63db69760e351bcc1782176676181e6c1b6f7358a7f7c2db941fb199c513d28abeb145599e5faab8370f3188c9eeb6d26a6d7862a0fc44812a461b62
-
SSDEEP
3072:cckdgje2/L2Z+N6lF/XdVRzagQyt+YcpQV:cpByy+AF/XdVReS+
Static task
static1
Behavioral task
behavioral1
Sample
0e46772713a33b1730aa103315ecb488bbc317bd79661fe121fe19eecad212d9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
0e46772713a33b1730aa103315ecb488bbc317bd79661fe121fe19eecad212d9.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
0e46772713a33b1730aa103315ecb488bbc317bd79661fe121fe19eecad212d9
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-