General
Target: Payment confirmation .exe
Size: 1.6MB
Sample: 210118-f3x2x9cpa6
MD5: 2299048ac257199bc80f93b0fd6673cd
SHA1: 632022248fa68c9ca1ca44faab162db16aa6c0f9
SHA256: 29cc53d38f8523b0828802c5d901de1590ac7f534bd1a6df1bf06748b9568f62
SHA512: 3a13094681b0151b79741b3e3901b679766e6994fd518cd55034ff5797a091082184107b645adca8db892213a9bac8ba2973ba333fe83690e8f42cfe0747e03b
Static task: static1
Behavioral task: behavioral1
Sample: Payment confirmation .exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Payment confirmation .exe
Resource: win10v20201028
Malware Config
Targets
Target: Payment confirmation .exe
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext