General
-
Target
52c628d4ea2b7d5bc60e8882c68afba47f956ea81dcdf4a70f5365b126eee8d3
-
Size
129KB
-
Sample
221126-e2plhabh28
-
MD5
1becde67c46c27c90421ea17bfdb64dd
-
SHA1
26e69f0a5405ccd5864419b220e04ceeeed4d141
-
SHA256
52c628d4ea2b7d5bc60e8882c68afba47f956ea81dcdf4a70f5365b126eee8d3
-
SHA512
df60756353c6c1744111556b0b7a383048b009a9e8ff01ad15931b30e8cbf648ab0cdee276b856575236037af0e034fb4832dc1e2265bb54ca1fdfec45b10e8b
-
SSDEEP
3072:IDQkrZoosbIfXJmWHLCITMh7/o7/803UIneY7zXz+OW:IDpoefWIc/o700kIeY7jz+r
Static task
static1
Behavioral task
behavioral1
Sample
52c628d4ea2b7d5bc60e8882c68afba47f956ea81dcdf4a70f5365b126eee8d3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
52c628d4ea2b7d5bc60e8882c68afba47f956ea81dcdf4a70f5365b126eee8d3.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
52c628d4ea2b7d5bc60e8882c68afba47f956ea81dcdf4a70f5365b126eee8d3
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-