General
-
Target
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241
-
Size
411KB
-
Sample
221125-tc4rfshf24
-
MD5
99531c75262ac625760046aeee2e74c0
-
SHA1
a08137520da666f982b2d47626f7485eafb15b8b
-
SHA256
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241
-
SHA512
f857e4dac8594aaf02b63b564954657900e83533aa6c897bb41f989cdb081bc5514fc595067122dccb6075a4425b3519c607e874dcee4e24cb8b220cca993283
-
SSDEEP
6144:XwXihP1dml/gzaOuMIUbb4WhiU2YOKS9VhCTLtk4iazR:IihP1dmv5WshYM9Vhapk4VN
Static task
static1
Behavioral task
behavioral1
Sample
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241
-
Size
411KB
-
MD5
99531c75262ac625760046aeee2e74c0
-
SHA1
a08137520da666f982b2d47626f7485eafb15b8b
-
SHA256
54f4115c188c20b15718b0f9cacaf5569b26cc91d088eec672da1a2ba502d241
-
SHA512
f857e4dac8594aaf02b63b564954657900e83533aa6c897bb41f989cdb081bc5514fc595067122dccb6075a4425b3519c607e874dcee4e24cb8b220cca993283
-
SSDEEP
6144:XwXihP1dml/gzaOuMIUbb4WhiU2YOKS9VhCTLtk4iazR:IihP1dmv5WshYM9Vhapk4VN
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-