General
-
Target
9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419
-
Size
868KB
-
Sample
220521-w3ax6sagd9
-
MD5
f047630b6bdd86310d4576a63a94ada6
-
SHA1
d721cf61114d0015af33b877fea4b6620075f0a1
-
SHA256
9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419
-
SHA512
96e5b54c71c8fa14408616f459b021f8e3309e95800b5ebafa87b7a1fdd1e5baa1961bacbde9f31f4155f146bf739b182b33b72de9c553c904cb2ccccc0a6cf5
Static task
static1
Behavioral task
behavioral1
Sample
Proof Of Payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Proof Of Payment.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Proof Of Payment.exe
-
Size
1021KB
-
MD5
121b665f158aa269dfdd6d701c4af31d
-
SHA1
81b94a9e9af1258dd5074adc7077c0fca2de7e79
-
SHA256
9e1de81ecb080a9d970953a62de72b6a83cc61776409098f1429c11032cbfa14
-
SHA512
af293c732eea9d928e9bcfefc35fbee68ad3af3392503dd3d051ef9dc54df630f6a5a965d364f255c9c25a19465e58ed630edc644eed99c370924aec837b5b68
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-