General
-
Target
b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d
-
Size
187KB
-
Sample
221126-qp7r4aaf8s
-
MD5
ad7bc59f118db2248df15b978dc7bdb2
-
SHA1
e3a2d9607989b7df2986f885a606241f2c957dab
-
SHA256
b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d
-
SHA512
12564d82a766818543b05653f9100e7a2ddcb1faf4aa49b716a792754f6534fb3469d85d9055cb5e876a5edadee16c3b86145b196984e98aec028feb6a2a18e1
-
SSDEEP
3072:280LpCyI1k942N8n+N5JqFhgdHX5dadANxM0uT/Afz/w04hT8YI3DZn43YSnl00e:28ICyIOW2u+khOp4CM0UAL5Ao6I
Static task
static1
Behavioral task
behavioral1
Sample
b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-