General
-
Target
36255768ea0e742455a1146fdffe10c83de7cf69c1c4d7f9cae763ac6df4293c
-
Size
761KB
-
Sample
221122-zvh6cscc5s
-
MD5
0bbbe39130aa0cfdcc59fbafb00ea6c9
-
SHA1
d1ce34e3002e896a5b672f8ddb2dba6856abf292
-
SHA256
36255768ea0e742455a1146fdffe10c83de7cf69c1c4d7f9cae763ac6df4293c
-
SHA512
43018d5e9f4f61a025aba8f53bff0ff4d8995bd71d75709b29edca4da65d91833761491718001efe87a48ee04bd625da2ddc1583e525a343171d0fadb0843a7f
-
SSDEEP
12288:5at0EAH49n8Bk8/MmCfj2U8D+Foc1xu93NoG/+d5Wel666rnyCaeu/HHxI:It24Hm0j2UToc1xuzoVF58KG
Static task
static1
Behavioral task
behavioral1
Sample
36255768ea0e742455a1146fdffe10c83de7cf69c1c4d7f9cae763ac6df4293c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
36255768ea0e742455a1146fdffe10c83de7cf69c1c4d7f9cae763ac6df4293c.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
36255768ea0e742455a1146fdffe10c83de7cf69c1c4d7f9cae763ac6df4293c
-
Modifies visibility of hidden/system files in Explorer
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-