General
Target: 01f2e272be7404ce5c9d13bb0afe224e9257477bff1be0bbaa8c51f1b270a904
Size: 157KB
Sample: 221129-nr1qfshe5t
MD5: 1b1ee2cddf6295c45045c5c19f64c97c
SHA1: 999c3bec2e1c5c2c5f343343f3fdc882d466f2c7
SHA256: 01f2e272be7404ce5c9d13bb0afe224e9257477bff1be0bbaa8c51f1b270a904
SHA512: e3c5172947ec8405f0d406036b9487695079722d25b1430c2cccbae1e7bb7818f72317e3e02bd967b6c4aad6be67da670e71160ff506b58a08fb0fb376e4548f
SSDEEP: 3072:5xUH7LJ8EqJR4c5XEtVPUYMTQknntozSPBqJ/wWix3wq3dinkajFyV26:5xUH/J8FRXLM/wWix3wq3gDjFyV26
Static task: static1
Behavioral task: behavioral1
Sample: 01f2e272be7404ce5c9d13bb0afe224e9257477bff1be0bbaa8c51f1b270a904.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 01f2e272be7404ce5c9d13bb0afe224e9257477bff1be0bbaa8c51f1b270a904
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Modifies Installed Components in the registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext