General
-
Target
0007e545a4e50f361d6ae2a708b0f8c92ce66736bcd334267da7e3951deef3f1
-
Size
533KB
-
Sample
221128-kq38eaah38
-
MD5
9ef3eb3bdfc86bfdb5c131fe229d6c6c
-
SHA1
cb86276276349a1b973869aa84bb44048b2cdfe5
-
SHA256
0007e545a4e50f361d6ae2a708b0f8c92ce66736bcd334267da7e3951deef3f1
-
SHA512
3ab04c41784f70299969d22c4fb076c15c5178d6765c72269246790197421ba142ca624d4cbb41db2a8f9bcd929fff9a4e207933d3beb64fddf43b86103ec31a
-
SSDEEP
6144:qTyU80LGVHKDpIoiiPmj8bc5kLGxXtPdomPDNmr2cmuD/4Djh9gH2RdEkNMM+6et:mtj6GQ0m5AgZmbDgPg2R3LrxAu
Malware Config
Targets
-
-
Target
0007e545a4e50f361d6ae2a708b0f8c92ce66736bcd334267da7e3951deef3f1
-
Size
533KB
-
MD5
9ef3eb3bdfc86bfdb5c131fe229d6c6c
-
SHA1
cb86276276349a1b973869aa84bb44048b2cdfe5
-
SHA256
0007e545a4e50f361d6ae2a708b0f8c92ce66736bcd334267da7e3951deef3f1
-
SHA512
3ab04c41784f70299969d22c4fb076c15c5178d6765c72269246790197421ba142ca624d4cbb41db2a8f9bcd929fff9a4e207933d3beb64fddf43b86103ec31a
-
SSDEEP
6144:qTyU80LGVHKDpIoiiPmj8bc5kLGxXtPdomPDNmr2cmuD/4Djh9gH2RdEkNMM+6et:mtj6GQ0m5AgZmbDgPg2R3LrxAu
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-