General
-
Target
5f4766dd1af632b397c4a30cbd9a135113af98f4eeabacbc1cd3f25cf2b3f179
-
Size
231KB
-
Sample
221127-mx374afb4t
-
MD5
5036e678e77e8dc64b22ff415d3026e1
-
SHA1
5f36c6b6d9616c9d1c95a38a9c8d8a3ca7efe275
-
SHA256
5f4766dd1af632b397c4a30cbd9a135113af98f4eeabacbc1cd3f25cf2b3f179
-
SHA512
62aea8cfeac5e45e9588493bb5846e32963144e455ab15209fac1a6e97c1fe370c32ad30078aecbb99425aebaf0350a1379d7dd5c005a867e4d376568216ab48
-
SSDEEP
6144:G9Xuji6pwA1Z0Y3MZDixkEW/6gbbhz9WHoReo:+Op3MSkR/6CbhzgHho
Static task
static1
Behavioral task
behavioral1
Sample
5f4766dd1af632b397c4a30cbd9a135113af98f4eeabacbc1cd3f25cf2b3f179.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
5f4766dd1af632b397c4a30cbd9a135113af98f4eeabacbc1cd3f25cf2b3f179
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-