General
-
Target
13449784267e8b9f277e7aa2fdacecadfa3ad1843bf750190963b69b3b590c8f
-
Size
885KB
-
Sample
220521-w277aaebaj
-
MD5
5cc2db7fe3b222b100b9107896943e6f
-
SHA1
38822f40ac45140a80561e55742e2b7aae3b5a65
-
SHA256
13449784267e8b9f277e7aa2fdacecadfa3ad1843bf750190963b69b3b590c8f
-
SHA512
2fe32369a65bfb7f586121a937b1eb20c81f7ce0f0418780c4fda125395154d476b1b8c33c27c9b6cc1dd5799b1b4e91f850853f685fd62741f173d85e2c881c
Static task
static1
Behavioral task
behavioral1
Sample
Proof of payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Proof of payment.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Proof of payment.exe
-
Size
1.0MB
-
MD5
328549191a15865db4e088aa1375a7b2
-
SHA1
5b2128274c3c069c90fe14b13c95ee1339873048
-
SHA256
ff0ebb75a316c61d851a3edfb2ec49a5c05a2054032dbb9f175b7990fd8959dc
-
SHA512
b646c21e687e0efa75913d21b3403f9ff0945d91158a9dbd318685d2eecacbc4f79f24f2cf3420045c1dee6161b71d084703277e8a4e2df79fa1177b7b42d205
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-