General
-
Target
efbdd19d4daedfae66e2e249acc960dda45cd56bacce785f48dbe62aee4e5186
-
Size
876KB
-
Sample
220520-qaj3gscgh4
-
MD5
575d745dbd25ad7d843655d0ded0ea83
-
SHA1
8abccd0ee57b6f3d5cbb097066cd5e3446953cf6
-
SHA256
efbdd19d4daedfae66e2e249acc960dda45cd56bacce785f48dbe62aee4e5186
-
SHA512
6ab042d140d81aae73ae648cbb03ac2c6c442a53e56553718f31e62691b73e30a5801ec91fbd47ce031a5ba4e92db613a6e5d702ab58d6f812f372c6a6d89275
Malware Config
Targets
-
-
Target
PAYMENT NOTIFICATION.exe
-
Size
1.0MB
-
MD5
48f2dd0cfdd0ff30ca7af9f48422d9a5
-
SHA1
04f0c3b03b5992689197e13e0375be9978fef8df
-
SHA256
9eb4147d9fa5bdb1ad291e70ba7ff90fd005c2aa21ceaf4af8effbebc5cf4621
-
SHA512
2eedbf47eaee9410aeb8203904b7fde4b8561e2d93a17b16d48e78ab2db5d26ce26b4694badf107998e724cf3abee4d131416b8e0feaca13b330959d67329161
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-