General

Target: rFuDj.7z
Size: 254KB
Sample: 230301-gyxttaee3w
MD5: 1634de6cfbca39797953d519d68b265b
SHA1: 678a691f192464170264576365298b16fde02b71
SHA256: 991eecd487e1e8c192f651f100ce6790f87942a403550ad4469cfb90e1f8d2dc
SHA512: d990ea65078f70b351fa9df570509a8e425ae53853a98b3189ffdaaf251837a8a2b2f6994bfa52118bb0ee138a79fed70478ef2d26da67df7151313c0d70c61e
SSDEEP: 6144:tU0rioNeQMrbe8p/D0+UGjNLaWqA3K8+FVXznIUjAmxrh9f:O0GVrLpL0yFaRA3K8sV7jz1f

Static task: static1
Behavioral task: behavioral1
Sample: rFuDj.cmd (extracted from rFuDj.7z)
Resource: win10v2004-20230220-en
Malware Config

Extracted family: netwire
C2 (host:port):
184.75.221.211:5614
213.152.162.5:5614
194.36.111.59:5614
62.102.148.156:5614
217.151.98.163:5614

activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
mutex: QuFDTHWH
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
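The extracted configuration above is the actionable part of this report: five C2 endpoints on TCP 5614 plus the RAT's option flags. The following Python is an added example (not sandbox or NetWire code) that parses the config block exactly as the report prints it, emits one Suricata alert rule per endpoint (the SID range and the `$HOME_NET` variable are assumptions about the reader's ruleset), and checks a constructed firewall-style connection log for traffic to those endpoints. It reports an exact ip:port match separately from traffic to a C2 host on some other port, since the latter is still worth a look but is weaker evidence.

```python
"""Turn the NetWire config extracted above into IOCs and check a connection log
against them. Added example for this page, not sandbox or NetWire code."""
import ipaddress
import re

# The config block as the report lists it (family, C2 host:port lines, then
# option name/value line pairs). The values are the report's own.
EXTRACTED_CONFIG = """\
netwire
184.75.221.211:5614
213.152.162.5:5614
194.36.111.59:5614
62.102.148.156:5614
217.151.98.163:5614
activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
mutex
QuFDTHWH
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false
"""

HOSTPORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text):
    """Parse the flattened config into {'family', 'c2': [(ip, port)], 'options': {...}}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, i, c2 = lines[0], 1, []
    while i < len(lines) and (m := HOSTPORT_RE.match(lines[i])):
        ip, port = m.group(1), int(m.group(2))
        ipaddress.IPv4Address(ip)          # raises on malformed octets
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry {lines[i]}")
        c2.append((ip, port))
        i += 1
    rest = lines[i:]
    if len(rest) % 2:
        raise ValueError("option without a value")
    options = {}
    for key, val in zip(rest[::2], rest[1::2]):
        options[key] = {"true": True, "false": False}.get(val.lower(), val)
    return {"family": family, "c2": c2, "options": options}


def suricata_rules(config, sid_base=1000001):
    """One alert rule per C2 endpoint; sid_base is an assumed local SID range."""
    rules = []
    for n, (ip, port) in enumerate(config["c2"]):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{config["family"]} C2 {ip}:{port}"; flow:to_server; '
            f'sid:{sid_base + n}; rev:1;)'
        )
    return rules


DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_c2_connections(log_lines, config):
    """Return (line_no, ip, port, match) for outbound connections to a C2.
    match is 'exact' for a listed ip:port, 'host' for a C2 IP on another port."""
    endpoints = set(config["c2"])
    hosts = {ip for ip, _ in endpoints}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in endpoints:
            hits.append((n, ip, port, "exact"))
        elif ip in hosts:
            hits.append((n, ip, port, "host"))
    return hits


# Constructed firewall-style log lines for the demonstration (not from the report).
SAMPLE_LOG = [
    "2023-03-01T10:00:01Z src=10.0.0.5:49152 dst=142.250.74.46:443 proto=tcp",
    "2023-03-01T10:00:03Z src=10.0.0.5:49153 dst=184.75.221.211:5614 proto=tcp",
    "2023-03-01T10:00:09Z src=10.0.0.5:49154 dst=184.75.221.211:443 proto=tcp",
    "2023-03-01T10:00:12Z src=10.0.0.7:49155 dst=62.102.148.156:5614 proto=tcp",
    "2023-03-01T10:00:15Z src=10.0.0.7:49156 dst=62.102.148.1:5614 proto=tcp",
]

if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(cfg["options"])
    print("\n".join(suricata_rules(cfg)))
    for hit in find_c2_connections(SAMPLE_LOG, cfg):
        print("C2 traffic:", hit)
```

The last sample line (62.102.148.1, not .156) is there to show that the match is on the whole address, not a prefix; the third line shows the host-only case.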
Targets

Target: rFuDj.cmd
Size: 332KB
MD5: 02a8d87db6d29b1baab0f1b9e71834d7
SHA1: 934f99d43f6b983f57156c4dd56bba26fd4065bd
SHA256: 8a59fe8ca31ce4abde54d02705f65ed0d788e384e0d5c05441971f4d1fef5b34
SHA512: 8ff8e13ac50f95d1a19174093f1337aaa54a4199872bfa96dc45545a79600be71694cb72ee9e59c064b8c851f2e1f7856ff2f3c96fc5d073adb4ef06a97fb99f
SSDEEP: 6144:6917wECPZ87yAlTLuGNaqzD1zV3ITby8EP7S7PNbecS3kKbwREdxsSi7yqr+QyQ:691Wx8uc2WtI4P+7P0EK+uA
Score: 10/10

Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application (note that registry_autorun is false in the extracted config, so this Run key is not NetWire's own autorun option; the report does not say which process writes it)
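For the persistence signature above, the check a responder wants is a hunt for Run-key writes across endpoint telemetry rather than a re-run of the sandbox. The following Python is an added example (not the sandbox's signature logic) that parses constructed Sysmon registry SetValue events (Event ID 13, rendered here as key=value text) and flags writes under the Run/RunOnce keys, rating them higher when the registered program lives in a user-writable location such as AppData, which is where dropped executables typically land. The event lines, field layout and the user-writable path list are assumptions for the demonstration.

```python
"""Flag Run-key persistence writes in Sysmon registry events (Event ID 13).
Added example; the events below are constructed, not from the sandbox run."""
import re

# Run\<value> or RunOnce\<value> under CurrentVersion, 32-bit view included.
RUN_KEY_RE = re.compile(
    r"\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunServices|RunServicesOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Locations an unprivileged user can write to; a Run value pointing here is
# far more suspicious than one pointing into Program Files (assumed list).
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE
)

# key=value fields; a value runs until the next " Word=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

# Constructed Sysmon records: a cmd.exe-driven Run write to AppData (the
# pattern the report's "Adds Run key" signature describes), a benign Explorer
# setting, a key-creation event (ID 12, not a value write) and a vendor installer.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Windows\System32\cmd.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Update "
    r"Details=C:\Users\u\AppData\Roaming\host.exe",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000001)",
    r"EventID=12 Image=C:\Windows\System32\reg.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Foo",
    r"EventID=13 Image=C:\Program Files\Vendor\setup.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray "
    r'Details="C:\Program Files\Vendor\tray.exe"',
]


def parse_event(line):
    """Split one key=value event line into a dict."""
    return dict(FIELD_RE.findall(line))


def run_key_alerts(events):
    """Return (image, value_name, data, severity) for every Run-key SetValue.
    severity is 'high' when the registered path is user-writable, else 'medium'."""
    alerts = []
    for line in events:
        ev = parse_event(line)
        if ev.get("EventID") != "13":          # only value writes, not key creation
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        data = ev.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(data) else "medium"
        value_name = target.rsplit("\\", 1)[-1]
        alerts.append((ev.get("Image"), value_name, data, severity))
    return alerts


if __name__ == "__main__":
    for alert in run_key_alerts(SAMPLE_EVENTS):
        print("Run-key persistence:", alert)
```

Event ID 12 (key created) is deliberately skipped: creating the Run key itself is common and noisy; the value write is what registers a program to start.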