General
-
Target
6910f1b44a3e1b208f34f96df8e553d7b8bcfe1c75ebd0a4e0407eab3e5f8077
-
Size
109KB
-
Sample
221125-anszjscg3x
-
MD5
7d9ca5f5b423bb33bda60994f81c6716
-
SHA1
05bc6d26466acb6a9f0eebe7769a3f475dc0c325
-
SHA256
6910f1b44a3e1b208f34f96df8e553d7b8bcfe1c75ebd0a4e0407eab3e5f8077
-
SHA512
3fe410bb4e1b3c39633ac2365147c58921c291d0fb8cd85a5fd6cdd8626c5da594085ff6fe4cc2a8863fd0eb41cdc3b8fbf166860c8dca8d7f3de7c69cf626cd
-
SSDEEP
1536:/muKdaM4TIOyzdZJAISBcBcXUozNxJzcqZj1JJZ6uIS9ySP7oCtAevkw03qz+TB:ilIyjcXtNxJz3Zj1XcNScSDKeM3n
Static task
static1
Behavioral task
behavioral1
Sample
6910f1b44a3e1b208f34f96df8e553d7b8bcfe1c75ebd0a4e0407eab3e5f8077.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6910f1b44a3e1b208f34f96df8e553d7b8bcfe1c75ebd0a4e0407eab3e5f8077.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
6910f1b44a3e1b208f34f96df8e553d7b8bcfe1c75ebd0a4e0407eab3e5f8077
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-