General
-
Target
4a3aa9b1e2726f3f1144f06f6e131c4e39c5590291a3170f2fe4d9ea5d00c2d9
-
Size
186KB
-
Sample
221127-b92n9abe43
-
MD5
4b68747b9d04586c3e10f451d808a664
-
SHA1
beac728ebe6b4ed983035c0bd195c92010676b6b
-
SHA256
4a3aa9b1e2726f3f1144f06f6e131c4e39c5590291a3170f2fe4d9ea5d00c2d9
-
SHA512
dc6a3aa09206849b7c33b38bcb42bcbdc7a3f4ebb2f3fbecd7be9f52861daf08a74313e13a0ea36cf0abd58126fb5ed1fb125d48fac03280bd2c68384809dbe0
-
SSDEEP
3072:mAsj8MBX8s0oXJUqmBF36Z3xOaWgvNlsGPewZOwLEpyLVd+nMxyKvCxOyxUvVlUH:mAsBZiqmj6uyvnsGP8TpsCFUv6QL/3RG
Static task
static1
Behavioral task
behavioral1
Sample
4a3aa9b1e2726f3f1144f06f6e131c4e39c5590291a3170f2fe4d9ea5d00c2d9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4a3aa9b1e2726f3f1144f06f6e131c4e39c5590291a3170f2fe4d9ea5d00c2d9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-