General
Target: wdfr.exe
Size: 270KB
Sample: 200629-yx4h8zar2x
MD5: 3e5606ac4cfc7377397427ef830512ab
SHA1: 5b2a314125e3ce989cacde910153349bc0fd0a8b
SHA256: fcfc89b5ad3b4e406664cdd8408f56fe8b0c9a9eeb50fc821f2e89a9785c9f3e
SHA512: 27c0daa41b45bf73bcb9dd688c23fba207f9c7252c864206438738966c7a6feb26727f4ea491095138915c8430fd8d55db704222e6f7e31c43faaa0be7303e2c
Static task
static1
Behavioral task
behavioral1
Sample
wdfr.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Malware Config
Targets
-
-
Target
wdfr.exe
-
NetWire RAT payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-