General
-
Target
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05
-
Size
558KB
-
Sample
221123-qz37naad3s
-
MD5
84c23174883bfc6185c61eb1106e4d2e
-
SHA1
59df87cd5af71f76db82d384379db01f56adc96c
-
SHA256
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05
-
SHA512
601efcaa36ae9a1a08bbb964057d8911306e34a2c7a0d7dda0914d0bd725cd4e8b1b32e5c88fe6011d70363088f3a26763c42b18a326b36788c66a5545bd6a92
-
SSDEEP
6144:PFhmxTB7drI/7gkzKTr6gQutC24l8Pksw3sBb31+6iKtMHqCKBNdGh8Ab:TKv6gQutC/gy3sB31+D8MHNNb
Static task
static1
Behavioral task
behavioral1
Sample
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05
-
Size
558KB
-
MD5
84c23174883bfc6185c61eb1106e4d2e
-
SHA1
59df87cd5af71f76db82d384379db01f56adc96c
-
SHA256
8c907dfac7b88b74f60ed80c6acc916d94caa5ab36aac4db4597f215483afe05
-
SHA512
601efcaa36ae9a1a08bbb964057d8911306e34a2c7a0d7dda0914d0bd725cd4e8b1b32e5c88fe6011d70363088f3a26763c42b18a326b36788c66a5545bd6a92
-
SSDEEP
6144:PFhmxTB7drI/7gkzKTr6gQutC24l8Pksw3sBb31+6iKtMHqCKBNdGh8Ab:TKv6gQutC/gy3sB31+D8MHNNb
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-