General
Target: RFQ-B201902-0064.exe
Size: 1.7MB
Sample: 210105-nqysjdxly2
MD5: d1af8a2f27162d95da244e967d122648
SHA1: 9dbc59b6fedd41c1545b4244874608f7d6bd1ec8
SHA256: abd18b2d7cfc702e56442f2549808b301f2e0fc214cdf2230d5fbefc9620fd42
SHA512: ec6b8c4ec0878fa79f5679f0e1b0956b3c9ab15534256d7e0df483a1e0fe47dd64a6c1024bedd3262acf7945b178d13b12a87913f2b4bc17ec9860f197582154
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-B201902-0064.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: RFQ-B201902-0064.exe
Resource: win10v20201028
Malware Config
Targets
Target: RFQ-B201902-0064.exe
Size: 1.7MB
Score: 10/10
Modifies WinLogon for persistence
NetWire RAT payload
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext