General
-
Target
Payment notification-pdf.exe
-
Size
1.0MB
-
Sample
200630-xjh6fz6l92
-
MD5
55f366df0150172ee321229116917ef9
-
SHA1
7e8c4c56a6055d01e4d96ddedd5aec9241adcaf1
-
SHA256
c52c1fb415117cce538aa98327a5c9e5adebe60dd26c49dee07d9efcc07a5948
-
SHA512
6a368da55f572461d502886c5122a363eb1689ce87d1b3ba2e2a9ad6ff6da3c62d04a8625bd4a7d6aa3989d9924feb91babd14f7174118c4a41aa71c4d0d6afe
Static task
static1
Behavioral task
behavioral1
Sample
Payment notification-pdf.exe
Resource
win7
Malware Config
Targets
-
-
Target
Payment notification-pdf.exe
-
Size
1.0MB
-
MD5
55f366df0150172ee321229116917ef9
-
SHA1
7e8c4c56a6055d01e4d96ddedd5aec9241adcaf1
-
SHA256
c52c1fb415117cce538aa98327a5c9e5adebe60dd26c49dee07d9efcc07a5948
-
SHA512
6a368da55f572461d502886c5122a363eb1689ce87d1b3ba2e2a9ad6ff6da3c62d04a8625bd4a7d6aa3989d9924feb91babd14f7174118c4a41aa71c4d0d6afe
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-