General
-
Target
e90d755caf827cf375b356ed7d6cb4394fcece52aaf1f0af855da91b185cd87c
-
Size
118KB
-
Sample
221125-vhxqrsbg34
-
MD5
3de72af0cc5d47116af5b850c667520b
-
SHA1
e18643335c1980a0e9353fbea08f9f375a4e37b4
-
SHA256
e90d755caf827cf375b356ed7d6cb4394fcece52aaf1f0af855da91b185cd87c
-
SHA512
5e2d6f3fde0a7fec0cd24ac341e7243b4981837abb565e40f76f5755aebdac0e640a013662a5285f2799880d08d67b8f02072c1bc7d6f46c7ad7795d09a85202
-
SSDEEP
3072:6c/kS4LzjHNkmUeUEGa8g7zUrR00Sj5eD:6ikSi4elRzAREle
Static task
static1
Behavioral task
behavioral1
Sample
e90d755caf827cf375b356ed7d6cb4394fcece52aaf1f0af855da91b185cd87c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e90d755caf827cf375b356ed7d6cb4394fcece52aaf1f0af855da91b185cd87c.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
e90d755caf827cf375b356ed7d6cb4394fcece52aaf1f0af855da91b185cd87c
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-