General
-
Target
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013
-
Size
471KB
-
Sample
221126-12jwxacd4z
-
MD5
ea20d11e52523d107699a5d829a30325
-
SHA1
abcdb6f32ee84eb7a4e96bf345097f9ee49a52e5
-
SHA256
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013
-
SHA512
5ab2ed273fda016a9cd1f201c261f1ef9dfaedb0cef58bc6390ad30832c97d6b7c2989e9fed64f61a2c52cd89b8d186fe45d05a3434516f310dd62c5ec7c5022
-
SSDEEP
6144:bETwf8NyUAsVkv0AC51jFELREqDg9TtFqH6DnY7IVF74VFyZwco0yVq3F:b2wINc0A4dgluTaID8xcX3F
Static task
static1
Behavioral task
behavioral1
Sample
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013.rtf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013.rtf
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013
-
Size
471KB
-
MD5
ea20d11e52523d107699a5d829a30325
-
SHA1
abcdb6f32ee84eb7a4e96bf345097f9ee49a52e5
-
SHA256
53ae1444e8206f330eb260f844f1bce6d6c25bda28b71df10a7db0bbba34b013
-
SHA512
5ab2ed273fda016a9cd1f201c261f1ef9dfaedb0cef58bc6390ad30832c97d6b7c2989e9fed64f61a2c52cd89b8d186fe45d05a3434516f310dd62c5ec7c5022
-
SSDEEP
6144:bETwf8NyUAsVkv0AC51jFELREqDg9TtFqH6DnY7IVF74VFyZwco0yVq3F:b2wINc0A4dgluTaID8xcX3F
-
NetWire RAT payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-