General
-
Target
1fb3b60878dc54af62cee0c594202b203e066cb743d9aa5d63833ba6800ded1c
-
Size
191KB
-
Sample
221126-b7271ada42
-
MD5
e93c745ca2ae94e03676565dd22306c7
-
SHA1
bca2f39035c02428ba78af990bc74c09a0962f77
-
SHA256
1fb3b60878dc54af62cee0c594202b203e066cb743d9aa5d63833ba6800ded1c
-
SHA512
c6299d1c77328537c9f7a8e8363b66b899c4ca7a08c49ddfce2811880d5de67d9f3c2f9cdfbfb5433a6f738f0ac7a2d95f5b018f340d3cd3870a1d42fe192b92
-
SSDEEP
3072:yJU1JoBFO+FmNei/8sQWk1zViNZn0OhpkPJPzly+tyEG2MNbX6BRh:QB0+sNei/HQWk1hiN10Oh+PBvtQ7C
Static task
static1
Behavioral task
behavioral1
Sample
1fb3b60878dc54af62cee0c594202b203e066cb743d9aa5d63833ba6800ded1c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1fb3b60878dc54af62cee0c594202b203e066cb743d9aa5d63833ba6800ded1c.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Drops file in Drivers directory
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-