General
Target
f5df171a28a643f70cf5c9cbde4fc1ab50f8371619c42ac87661fdf8eb57dcc2
Size
187KB
Sample
221126-qp66kaff48
MD5
e205017b3dfd197bbd2736ec075e6712
SHA1
6c0546c75a47f6c6cac66603d23eda86c3b67373
SHA256
f5df171a28a643f70cf5c9cbde4fc1ab50f8371619c42ac87661fdf8eb57dcc2
SHA512
5fcc7a371dd01f68cd82072b897f770842daeec3a8dccd0a6d4ba4c97ac517233df2b2e02c6168d175ac4b762136e6a1cb843df4483736973d1bcc5d749a8d7e
SSDEEP
3072:hF9RXZ4n9s5KaXzk7c4PHys5jIBPQYjt2Cep1JM4bQ/SICy01HlXzcccy:hF9RXZ49s44zkv5j3kt2CepdE/Wl
Static task
static1
Behavioral task
behavioral1
Sample
f5df171a28a643f70cf5c9cbde4fc1ab50f8371619c42ac87661fdf8eb57dcc2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f5df171a28a643f70cf5c9cbde4fc1ab50f8371619c42ac87661fdf8eb57dcc2.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10

NetWire RAT payload

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext