General
- Target: 4a8587f61a4969ae73d103ee83d1cdb1a12ebe6734bf32ab00a1de1529e54cf5
- Size: 468KB
- Sample: 220520-rwvlsabdhq
- MD5: f426569c2ebd6d3fe4c05a29446509ad
- SHA1: 47d629d9f8cdbb5a8fb194ffa4e6a20964bee075
- SHA256: 4a8587f61a4969ae73d103ee83d1cdb1a12ebe6734bf32ab00a1de1529e54cf5
- SHA512: 23641961e9260d0b8f1b33276223bcda03741dd73f2ea764f8b37b757ed1c42d76abc44ff95d2797d6eb2408ee9e0fa6d599cdb08efa3967b0f8124d19462525
Static task
static1
Behavioral task
behavioral1
Sample
SCANDA_Statement_of_Account_July_2020.exe
Resource
win7-20220414-en
Malware Config
Targets
- Target: SCANDA_Statement_of_Account_July_2020.exe
- Size: 486KB
- MD5: 32c10b0b4bb8a7e70cf58c573a05f16a
- SHA1: a22e8814f215f2564d6c476506d7f76eb78fe80e
- SHA256: 146856560590ec6f2434f34fe94b4dd5de0d7ed700cdaccc15663db1fbc8c4aa
- SHA512: 717ea71453999846b87dfe952b9d6cc64617a69909e07de9934668e48f320b7be52ec370917adf520a36de5a0441091e73565c3083e58f251e8b8af5776b7042
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext