General
-
Target
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214
-
Size
817KB
-
Sample
221125-ymazcabd68
-
MD5
d73b8c3a4405846fd0ba8c384a7113a1
-
SHA1
0751fb4a0ac6671c71d7b48caf605e77b1424c3d
-
SHA256
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214
-
SHA512
239e0578ff629073b26a76bc46e427c1dce63f811d7baab50af73fcda91ed9b70191b056bdaf3fc2999485218a8e9bc7071956d2b5d634004e0cb8120321b727
-
SSDEEP
24576:HRmJkcoQricOIQxiZY1iaBcien5VcrEjFk6d:sJZoQrbTFZY1iaBcBXc0P
Static task
static1
Behavioral task
behavioral1
Sample
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214
-
Size
817KB
-
MD5
d73b8c3a4405846fd0ba8c384a7113a1
-
SHA1
0751fb4a0ac6671c71d7b48caf605e77b1424c3d
-
SHA256
18df3cc6f2fc32277040460c85aaf927848e63abb3d005b43fcb8d0368a57214
-
SHA512
239e0578ff629073b26a76bc46e427c1dce63f811d7baab50af73fcda91ed9b70191b056bdaf3fc2999485218a8e9bc7071956d2b5d634004e0cb8120321b727
-
SSDEEP
24576:HRmJkcoQricOIQxiZY1iaBcien5VcrEjFk6d:sJZoQrbTFZY1iaBcBXc0P
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-