General
- Target: Set-up.exe
- Size: 3.5MB
- Sample: 220919-pq159scgdq
- MD5: 6600434532f969d8fb24ee51fef331b7
- SHA1: f3dc4329ded8a0ef1292bebf97611c4ad2e552fe
- SHA256: e01bb0869c559b895adf1e203a1e3498aa86e676731ff810183c8a0432559fee
- SHA512: 109655ea6989bb15ff5f912ea37a5f92e17af52f1b5d23775d9b2a5b384e0bb9edbe7b19b77d27165b1cf1fe9dbd82fd11d68524333f3cced3d5d75e0635f394
- SSDEEP: 98304:kAI+zy/rv/dDXsN3RUDF/QY0VJkXZf8Bomxl3:jtzyTvVDchRsUMXZfCj3
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Set-up.exe
  - Resource: win7-20220901-en
- Behavioral task: behavioral2
  - Sample: Set-up.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: revengerat
  - NyanCatRevenge
  - alice2019.myftp.biz:7575
  - a4765021d3
- Extracted: netwire
  - alice2019.myftp.biz:3360
  - activex_autorun: false
  - copy_executable: false
  - delete_original: false
  - host_id: TEST_0000
  - keylogger_dir: %AppData%\Logs\
  - lock_executable: false
  - offline_keylogger: true
  - password: Password
  - registry_autorun: false
  - use_mutex: false
Targets
- Target: Set-up.exe
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext