General
-
Target
15d996fe436dc316a84767c8672e8164706d44468381eda35988ea4ebee9deb1
-
Size
132KB
-
Sample
221126-e2p72afb6x
-
MD5
800bf6030c855beff04c828405712a71
-
SHA1
3ace3a76b0d05e3667568997a73ce1264a25fb93
-
SHA256
15d996fe436dc316a84767c8672e8164706d44468381eda35988ea4ebee9deb1
-
SHA512
1731114cecbc465b0365d6a1f8f4afc918cd7aa401241f844efbbf3219f54505e1eca53d70d88620c199abbca377e87636666cae608d6cb77fca66bf0d767669
-
SSDEEP
3072:kDQkrZoosbIfXJvWaZkPZqnCQE4L6AAcMIKAhlz0sjLJFH:kDpoeUdqCQE26A/dKAj7zH
Static task
static1
Behavioral task
behavioral1
Sample
15d996fe436dc316a84767c8672e8164706d44468381eda35988ea4ebee9deb1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
15d996fe436dc316a84767c8672e8164706d44468381eda35988ea4ebee9deb1.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-