General
-
Target
9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
-
Size
806KB
-
Sample
221126-216vqafb61
-
MD5
aa8ac68af525eb1805fd80d36390524f
-
SHA1
fa2aec1760fe268813de00e4dbb2a6fb4f06e973
-
SHA256
9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
-
SHA512
ae7ecb9c33cfab7588aaf7af498a500c2d532febf257407abd95c6d88cfeb18b3e1cacf96e15d224a11c824e623e957fc381d36f5fdb96e3892f643cad8a5c41
-
SSDEEP
12288:zhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a0nRBMvJ2dHsabd:5RmJkcoQricOIQxiZY1ia0nRBMkdd
Static task
static1
Behavioral task
behavioral1
Sample
9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-