General
-
Target
d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
-
Size
913KB
-
Sample
221127-splkzabg6s
-
MD5
67de448a65e1e16d4a1d6f5a65b4c61a
-
SHA1
ab7166a256aad0180e46e88d2169b4cadaf1ebf4
-
SHA256
d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
-
SHA512
47f477732c88f3e7f99273c4dbd563dfd288be342af08bbca60e1020e65b4d32199b85bf6a15cbe93f6e4e0e47d42915b1a42b5e2ed5193aaf30d888e38cc29e
-
SSDEEP
12288:yK2mhAMJ/cPltTiD8/HBP7v8h7UZYE82Y5UKUL4n4y3Xp3SbSl/ADUnr:z2O/GltWD8fBPA7g6zwm4m53Sb2YDUnr
Static task
static1
Behavioral task
behavioral1
Sample
d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-