General
-
Target
32e19f323a5df06d2f7d190cb223a26947ee232aafb25301daf342f0f965a2c4
-
Size
109KB
-
Sample
221127-kgczvscg23
-
MD5
75acca9340f832b7361f2ec8ae8964d6
-
SHA1
083f137ca92578a2a9b537654138cf0648032b10
-
SHA256
32e19f323a5df06d2f7d190cb223a26947ee232aafb25301daf342f0f965a2c4
-
SHA512
085be2b0a74c9796e3695da8e62a11f0973c77ef3876284bb7ba336776e6fc86f6a8d8aa38f1ca8d6552d777feada269345a37bf4232eed751d227e0647ba26d
-
SSDEEP
3072:xwJ52Y7ZoH5XJaAWIIyxxPcLU9NPiTa6xwR2j6dNEPC13L:xwHysXIFM0JuLxxyEPO3L
Static task
static1
Behavioral task
behavioral1
Sample
32e19f323a5df06d2f7d190cb223a26947ee232aafb25301daf342f0f965a2c4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
32e19f323a5df06d2f7d190cb223a26947ee232aafb25301daf342f0f965a2c4.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
32e19f323a5df06d2f7d190cb223a26947ee232aafb25301daf342f0f965a2c4
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-