General
Target: 421f807e2c55f949f802ddfe3dfb49506f6efdc779ab1e7433e82b433b27686c
Size: 61KB
Sample: 221126-cr8waaed68
MD5: 4d9de9ca2960fab3f0ff631023b2591f
SHA1: 016e295275a3b77a46fde5e3566e2db9d44a1fb5
SHA256: 421f807e2c55f949f802ddfe3dfb49506f6efdc779ab1e7433e82b433b27686c
SHA512: fd632f2d70a6edb0f96a0e19337d82830d5762a258d4fdaff4921b62d43ce12182beadd21de7ec834e59b78248f02ed1451fa5f7a95233e9a89588faeb64a519
SSDEEP: 1536:WPlD5fJSwsqI4x939BH5hAiQVrAcdNFPljdFmo3RZ2fxdY:yJ5fD3BZy5WcBPtZZ0M
Behavioral task: behavioral1
Sample: newshipmentetasin.scr
Resource: win7-20220901-en
Malware Config
Targets
Target: newshipmentetasin.scr
Size: 68KB
MD5: c9bcba025fadca6fc4fba568eef82b1d
SHA1: aa2c6f346bcb4057c394c6c7fff6c925122e7e2b
SHA256: cf0f08c4deb691e58a68c5bc502b5db89e3b07bb8fdad9db49938fcb6b86c578
SHA512: 0fa64c4cf91e3359ac5a26cfea84f621632964489030dd9d38bc61317f0055b1478dad6ba720f1eed2d3fe4e1d0a75a373665b554a80784fbb0416f138050f60
SSDEEP: 1536:oJnrpcLAuel7XM0sXBnKSfzfcMCnouy8XKI7ehMHaa0CE:Srp6Arlux74outXKI7ehMHj8
- NetWire RAT payload
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext