General
-
Target
5f53d622de7b361b2558cfeb85082b23d04f15fcf0127e9fb92f9a2c72e51584
-
Size
1.1MB
-
Sample
221206-vfsn2afc44
-
MD5
9de09cb16f81a09ea20cae8122c2bbc4
-
SHA1
05f5524b4ff9def02f9f1b2159ded220f643ced2
-
SHA256
5f53d622de7b361b2558cfeb85082b23d04f15fcf0127e9fb92f9a2c72e51584
-
SHA512
c3def7bdf16c6d2fe0571fd17d04fb3ee7ea74eaebe7d57bde1098ad896b63fa96bd9de2c4b8e7818a24f8454388d629c3c30c996e80490142f9296a4426a67b
-
SSDEEP
24576:XRqT31q2wlFJZb1WYPh6CXuAtZYwyneZO:BA31klFJTP8GuAtZryoO
Behavioral task
behavioral1
Sample
5f53d622de7b361b2558cfeb85082b23d04f15fcf0127e9fb92f9a2c72e51584.exe
Resource
win7-20221111-en
Malware Config
Targets
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-