General
Target: fb1c07a5c52e4a3332370d84c3555b410404808bc14a39bcc1910b0402aee342
Size: 548KB
Sample: 220630-3tjbhsefa4
MD5: 0aefcc4a1b91e429cff41e6e40081761
SHA1: 3d94dbd4b99efb87b9594684be8d3c5931072509
SHA256: fb1c07a5c52e4a3332370d84c3555b410404808bc14a39bcc1910b0402aee342
SHA512: 63c821bc8b6119d3ceffc9fff062ff2d3ab8cf334a241921e09deaa86183acde4a08da14b313f833f3914a7f8e953164ea75d281914f664c0713a77716389ec7
Static task: static1
Behavioral task: behavioral1
Sample: fb1c07a5c52e4a3332370d84c3555b410404808bc14a39bcc1910b0402aee342.msi
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: fb1c07a5c52e4a3332370d84c3555b410404808bc14a39bcc1910b0402aee342.msi
Resource: win10v2004-20220414-en
Malware Config
Targets
NetWire RAT payload
Executes dropped EXE
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext