General
-
Target
proof of payment.exe
-
Size
661KB
-
Sample
220915-lwwaescfb5
-
MD5
af0b6c0b096bc0a9a6c6da19b3340a4c
-
SHA1
4bc68ca3cd282e9c711c6b9a452a425af4fdf8d8
-
SHA256
0b069c7e87aeb1802c8a83bf595bdf68040faf36bb5f607f4d1a20b8b8f45403
-
SHA512
b33da09ded4c519566e9277cc4b10c4f5553246dd587c74c6c212430b45d4c188221d65f4357a6a5ff97202e1429378dd903c7f23217a16acf876c0bf3ab0ba1
-
SSDEEP
12288:m5VF75e1ZsTyxRM2wfQy/FhucmJcTQJW0OkzKJfhd45/B:KVZ52ZX/OX9hDUcTOW5eAHW
Static task
static1
Behavioral task
behavioral1
Sample
proof of payment.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
proof of payment.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-