General
-
Target
8deb6d11e709d78039023f7e935791d31c93846c1991c33dd061595499863feb
-
Size
376KB
-
Sample
221126-ajjv3sca5w
-
MD5
459a9784acc3b399353d69f2fa3f8b5b
-
SHA1
5e5e865827862a57962f8e35b09d9bd13743e468
-
SHA256
8deb6d11e709d78039023f7e935791d31c93846c1991c33dd061595499863feb
-
SHA512
69c67f2f337955a1d7a90e0a497b8063ff1c3aa39bb4df8409be785b5201a6a86f59842b296bfd01e9258f3c3bb254b75ebf77477cdf2f7bb0dfd0c99509a41c
-
SSDEEP
3072:LMiftEtorupusNhKBCMLxOAHIxc+4ywEQ2qTHah6YwqsXRmp8l3C8xpayOKOH:LlWtM6hKoInIxc+4Z9aQTmuh7va5pH
Static task
static1
Behavioral task
behavioral1
Sample
8deb6d11e709d78039023f7e935791d31c93846c1991c33dd061595499863feb.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
8deb6d11e709d78039023f7e935791d31c93846c1991c33dd061595499863feb.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
8deb6d11e709d78039023f7e935791d31c93846c1991c33dd061595499863feb
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-