General
-
Target
c2a68c7adbd412050518ad8b660d36616d9620f788dc42d7688b9ac6a4b33643
-
Size
151KB
-
Sample
221126-zt27vadg72
-
MD5
dabc802074b0f8b250aeaf8cb6db5bca
-
SHA1
0d56a89a464db8b85fb854ada98f04effee1ac68
-
SHA256
c2a68c7adbd412050518ad8b660d36616d9620f788dc42d7688b9ac6a4b33643
-
SHA512
fa5da1c16d4ecc37552c193186c6564b98ee38f67a5e4bd7e73fd62d8a01bdf2846a1a513b793006ca19b8b97bfc266318e2ed0ab21c8badb15fbc44aa70ff65
-
SSDEEP
3072:haE9wpvmbpE3OOq5QVggXb8NrdphkYi3X7xPZ:hDGFj3OOqdgL87pWz
Static task
static1
Behavioral task
behavioral1
Sample
c2a68c7adbd412050518ad8b660d36616d9620f788dc42d7688b9ac6a4b33643.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c2a68c7adbd412050518ad8b660d36616d9620f788dc42d7688b9ac6a4b33643.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
c2a68c7adbd412050518ad8b660d36616d9620f788dc42d7688b9ac6a4b33643
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-