General
-
Target
02dde7041a6f4581cef09b30c2019fad50c71bbdf9e7cda527a18a228bd48710
-
Size
626KB
-
Sample
221127-vaqx9agb5z
-
MD5
7af42f187551fa37410b77c2bfb9d8ba
-
SHA1
3e799bfb72b63f5908856fc7dd4bde5af40ca84c
-
SHA256
02dde7041a6f4581cef09b30c2019fad50c71bbdf9e7cda527a18a228bd48710
-
SHA512
8259b47a094eb006eea22a8a9b570f612fc811e6d847ae2a29cc4a1ad85a3fff25802657242caa1554bcac779b1c7c610287be4e73fc7d6e9f25f208feb25d7b
-
SSDEEP
12288:xJRYT/jA1+FSpwPpwHd+3anVKB7myuK0bcNb2amWsVODj:M/RF4wPid+qbyxkatFDj
Static task
static1
Behavioral task
behavioral1
Sample
02dde7041a6f4581cef09b30c2019fad50c71bbdf9e7cda527a18a228bd48710.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
02dde7041a6f4581cef09b30c2019fad50c71bbdf9e7cda527a18a228bd48710.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-