General
Target: af3519c9db9356b3878a88db881866347f5313f66bc19fb16c1b792fd5a37043
Size: 194KB
Sample: 221127-zwxp5sdc3y
MD5: 648b9256454643e44fce9401ce3042bf
SHA1: 6479cbdea1a401e579d32cff10aeeef50db24a69
SHA256: af3519c9db9356b3878a88db881866347f5313f66bc19fb16c1b792fd5a37043
SHA512: 9db5119333b1916584b4e1f98dd4528e6a9a889127ff1f726566ab4411b239214002caf1e75eedde832abd7296e7c47ba1c71c708e6251fa1c98c02878c0912c
SSDEEP: 6144:/9Xuji6hAheEsKL0PUmXruVSGGAVDFu3FZu:5reEpgGdVDIg
Static task
static1
Behavioral task
behavioral1
Sample
af3519c9db9356b3878a88db881866347f5313f66bc19fb16c1b792fd5a37043.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
af3519c9db9356b3878a88db881866347f5313f66bc19fb16c1b792fd5a37043
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-