General
-
Target
17c7284c36afc584e97304bcc919260d74bc51427e41b594f2c31ffe4abd6a43
-
Size
559KB
-
Sample
221123-r9egqadg2w
-
MD5
bf6fee94cfb3d3074f9b5610c92c8736
-
SHA1
275d6c72eaf3ff795d9c9ce0d8589529117dc3da
-
SHA256
17c7284c36afc584e97304bcc919260d74bc51427e41b594f2c31ffe4abd6a43
-
SHA512
db15afafc57b654d3ec119ee6b509ddee62d31cea74cd5ae9ce8811e16f7e3e65571b975d55013311bfc7cd4a3b1dd6e479710275553b119fc8082cbd74810d5
-
SSDEEP
6144:rFhmxTB7drI/7gkzKTr6gQu4ZGhp2y8A/f5c/m6bBApevftP89:vKv6gQu4Aph5QlipeHw
Static task
static1
Behavioral task
behavioral1
Sample
17c7284c36afc584e97304bcc919260d74bc51427e41b594f2c31ffe4abd6a43.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
17c7284c36afc584e97304bcc919260d74bc51427e41b594f2c31ffe4abd6a43.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
17c7284c36afc584e97304bcc919260d74bc51427e41b594f2c31ffe4abd6a43
-
Score
10/10
-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-