General
-
Target
113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
-
Size
713KB
-
Sample
221127-bgcveshd25
-
MD5
39d11206603326d942b3bd878318181f
-
SHA1
dc1c0c74744f9b0dfd40a2e66184df9262cea943
-
SHA256
113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
-
SHA512
1d7b395d1dfedb360a561d5e73c936e12e5ceb910ea6957830c8713e4958eff4c03661b20f8759a9a58a1431da3f6f6965e42b5d46386999aaebe960d7734160
-
SSDEEP
12288:a6Wq4aaE6KwyF5L0Y2D1PqLiUcmdYyFPvvi6RSuRn16cUJn:4thEVaPqLzdYuHjRxRMLn
Behavioral task
behavioral1
Sample
113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd.exe
Resource
win7-20220901-en
Malware Config
Targets
-
Target
113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-