General
-
Target
448ad90bea1254e5759445568842b73ea15c18385abcfd53a85fcdf4afa90596
-
Size
973KB
-
Sample
221127-ge4g9agg5t
-
MD5
02e2a53027968cb04ed45cbc0c77ba27
-
SHA1
bf08129c289b00c9e84722071eb191de9e44071e
-
SHA256
448ad90bea1254e5759445568842b73ea15c18385abcfd53a85fcdf4afa90596
-
SHA512
a3eb3287285fa353e334b0105327250300a2219c727153fc703e6ac5d41ea3e087ed4432aff5694661aa08ce29d0b208f9091c435ea12fc3698e27bf10229cbd
-
SSDEEP
12288:lK2mhAMJ/cPlopNHvo8h7UZYE82Y5UKUL4n4y3Xp3SbSlDCnj:k2O/GlopNHv/7g6zwm4m53Sb2Dwj
Static task
static1
Behavioral task
behavioral1
Sample
448ad90bea1254e5759445568842b73ea15c18385abcfd53a85fcdf4afa90596.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
448ad90bea1254e5759445568842b73ea15c18385abcfd53a85fcdf4afa90596
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-