General
Target: INV7783763278.exe
Size: 690KB
Sample: 220520-rxzxwsbefl
MD5: 0a6510aeaf92285a224cb8cb76332aeb
SHA1: 106bee5b6dac97c9480fb96e99619704d9e58de1
SHA256: 09c5712ccf983f5013d3cd1157a15050b909b9f5f6318334e9f7da2174385015
SHA512: bfe38ceee89109de01f7c7b63b5192bbedd34e5ef35bc4b4b8fb8e86d217761f2a05f12200b6d30503ca2c12eadd916090c54785c35656e5c9170b6eb7d830ee
Static task: static1
Behavioral task: behavioral1
Sample: INV7783763278.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: INV7783763278.exe
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext