General
-
Target
cf0f08c4deb691e58a68c5bc502b5db89e3b07bb8fdad9db49938fcb6b86c578
-
Size
68KB
-
Sample
221126-cr7m8ahf4t
-
MD5
c9bcba025fadca6fc4fba568eef82b1d
-
SHA1
aa2c6f346bcb4057c394c6c7fff6c925122e7e2b
-
SHA256
cf0f08c4deb691e58a68c5bc502b5db89e3b07bb8fdad9db49938fcb6b86c578
-
SHA512
0fa64c4cf91e3359ac5a26cfea84f621632964489030dd9d38bc61317f0055b1478dad6ba720f1eed2d3fe4e1d0a75a373665b554a80784fbb0416f138050f60
-
SSDEEP
1536:oJnrpcLAuel7XM0sXBnKSfzfcMCnouy8XKI7ehMHaa0CE:Srp6Arlux74outXKI7ehMHj8
Behavioral task
behavioral1
Sample
cf0f08c4deb691e58a68c5bc502b5db89e3b07bb8fdad9db49938fcb6b86c578.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
cf0f08c4deb691e58a68c5bc502b5db89e3b07bb8fdad9db49938fcb6b86c578
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-