General
-
Target
1374d806017136ac24ff2b892199c75513cae5267ab39deec422481be71c66d5
-
Size
1.5MB
-
Sample
221126-r6w8cseg3w
-
MD5
9f384cd0678f4af5298ce92e93076c24
-
SHA1
ba67cccd0cbec0fc78e6cea2501d43979b168d74
-
SHA256
1374d806017136ac24ff2b892199c75513cae5267ab39deec422481be71c66d5
-
SHA512
d375257c7a84ef7b11ec1f76bfbe9bf9ef91bc122cd43880ed82e5e4578c5f6edcef0e2b28c814937de9ae579d75e0cfc09fe6c86a06670f9c81289ce14be422
-
SSDEEP
12288:gcl48RTm7FWaEL5n62kJKOld30Jse4ohNv:gESYaU5nmKOn0suhNv
Static task
static1
Behavioral task
behavioral1
Sample
1374d806017136ac24ff2b892199c75513cae5267ab39deec422481be71c66d5.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1374d806017136ac24ff2b892199c75513cae5267ab39deec422481be71c66d5.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
1374d806017136ac24ff2b892199c75513cae5267ab39deec422481be71c66d5
-
Score
10/10
-
NetWire RAT payload
-
Blocklisted process makes network request
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-