General
-
Target
250514-bmdznstvas.bin
-
Size
273KB
-
Sample
250514-bz42matvh1
-
MD5
85e414fdd2e447e03d4f3c724d1b29b8
-
SHA1
db980ed136f642dc1d8e9b3926eeb6bff805616d
-
SHA256
954f5e5d737d2af5ee509c5661dbb95819261eb90d7131f1fde9c3c798bb5d5d
-
SHA512
bd910673ab6e22e6299df98385ef658f88ac18fd9c9582ed87f5d0ba1fa1e65201ec973ef0a9d933f2ceb7fbd9a2eb56b9a83f909b1f0d54f167b564fce132a7
-
SSDEEP
6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8Xck8B:elnot4+UwLDiT6OzR8llAgqbB
Behavioral task
behavioral1
Sample
250514-bmdznstvas.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
250514-bmdznstvas.bin
-
NetWire RAT payload
-
Netwire family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1