General
Target: 126feeab6023c05b4b00766973e90a3d7ff644fb0b8a616f6033a59fc4afea0f
Size: 129KB
Sample: 221126-e2xl4sbh39
MD5: 57ad0a40e639efe98229702c44932a01
SHA1: b6a9b7def360bd7b70bea8fc9be2d10a988587c6
SHA256: 126feeab6023c05b4b00766973e90a3d7ff644fb0b8a616f6033a59fc4afea0f
SHA512: c141f99517fc11e1fce265e1437e5dbfabaa7907ada8e7ab474fc2a0e666400c0f639f468dfe247d6dee93ba1c44f1e8c7109a96b97c5fddde7df99cf6d5bb47
SSDEEP: 3072:kDQkrZoosbIfXJB8W5Ak1VMF/tCpakNVKjaiifB5m6Fuavy:kDpoe/5AkcMskNUjMFuavy
Static task: static1
Behavioral task: behavioral1
Sample: 126feeab6023c05b4b00766973e90a3d7ff644fb0b8a616f6033a59fc4afea0f.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 126feeab6023c05b4b00766973e90a3d7ff644fb0b8a616f6033a59fc4afea0f.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: 126feeab6023c05b4b00766973e90a3d7ff644fb0b8a616f6033a59fc4afea0f
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext