General

  • Target

    Advice_342.pdf.exe

  • Size

    248KB

  • Sample

    200708-5cdhshzr4j

  • MD5

    670b3cc9ff11b892571690a9053c757f

  • SHA1

    0ff2b2e025fd62cba4c2f8a402aaa352de53b3dc

  • SHA256

    eaf820c89e009bafc8d9b577392f83a203e37ffc8b0a3e9281e313a705836e28

  • SHA512

    201ef2d850f2d352790e81d7491f4f113d0ee97ae21480fca70cf8dcf9a32cb638b6e1630e02ab980fdf781e06de8a2b04aa1b05a9c1b141698048a1ec025be6

Targets

    • Target

      Advice_342.pdf.exe

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
