General
Target: f176551008ead792dc4d981c0b1c2ad48f3f2bab30fb76fb62264c096f11739d
Size: 875KB
Sample: 221127-3a8r3abf3z
MD5: 9e31a336dd9e73df1cabf3d3b8e3d489
SHA1: 349253da2192e6c146631bbf9566d06430b015bf
SHA256: f176551008ead792dc4d981c0b1c2ad48f3f2bab30fb76fb62264c096f11739d
SHA512: 0e25b7ada6d67c4c98a4105c959b6888adda10fe123f35d720364ccb361efa5ca8e863700ee9aaa86bd3536306396ec13fa61d2885ff8f84957e85a11a9ba6cd
SSDEEP: 12288:caWzgMg7v3qnCiMErQohh0F4CCJ8lny/QswI0+u0DrvssN8q:jaHMv6Corjqny/QNI0+VXssKq
Static task: static1
Behavioral task: behavioral1
  Sample: f176551008ead792dc4d981c0b1c2ad48f3f2bab30fb76fb62264c096f11739d.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f176551008ead792dc4d981c0b1c2ad48f3f2bab30fb76fb62264c096f11739d.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: f176551008ead792dc4d981c0b1c2ad48f3f2bab30fb76fb62264c096f11739d
Score: 10/10
- NetWire RAT payload
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext