General
-
Target
3f8fe3bfb24bf880c9aadbcf2c3c9c800f87026d0cdc5ef133ba039a7dc5d3c1
-
Size
865KB
-
Sample
220521-w245maeahp
-
MD5
d32f086ca13fae6d74f5af760ea560e2
-
SHA1
b900f58762adbeca74571f8befbb469228ba4c1e
-
SHA256
3f8fe3bfb24bf880c9aadbcf2c3c9c800f87026d0cdc5ef133ba039a7dc5d3c1
-
SHA512
3a2739b2382fe5f4bf36b0ef442a35b22cf5574c5794f1c7238f61ffe17796ddd482561b1f6f92d9b6f5344cea6bbf3ba24a4097a0fa88087e766020b0a747f3
Static task
static1
Behavioral task
behavioral1
Sample
Proof of payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Proof of payment.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Proof of payment.exe
-
Size
980KB
-
MD5
4bc9ed4383e90e5e4d2c38deae0d58e4
-
SHA1
b9a519e8b70886ee003132e3cdda2006f5b1be9c
-
SHA256
e8ac69b242f87152457399a019803c892209200c3951f6a0efc05cde5dd5edf5
-
SHA512
29722a913cb2f2fd45268ff6c56d98b4419b996a7fb633dda11bb31a05a9b43eb0b5f14df92868c7ee08045de07a3e9ece815d331acdc3c6080482bcfcad73a7
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-