Overview

overview

10

Static

static

Proforma I...df.exe

windows7_x64

10

Proforma I...df.exe

windows10_x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    Proforma Invoice Attached .10456 pdf.exe

  • Size

    1.2MB

  • Sample

    200715-wtv2bk4mts

  • MD5

    065cfa71e11cd67ea14f3c072363167b

  • SHA1

    7383426bc5cb24190b24b14d99f812b98704942c

  • SHA256

    62e8d80b582bb90531dd63743d085910e20cdc35494bea3209fd80e22cff13bd

  • SHA512

    58e3fc424c8019410f58026b05892ea6fa398a3d8631599329acdae8d5c10f19a20be0c25b512f56cb111d6d559b3ff46c0f49997454195b54dd72bfeb52dbd1

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      Proforma Invoice Attached .10456 pdf.exe

    • Size

      1.2MB

    • MD5

      065cfa71e11cd67ea14f3c072363167b

    • SHA1

      7383426bc5cb24190b24b14d99f812b98704942c

    • SHA256

      62e8d80b582bb90531dd63743d085910e20cdc35494bea3209fd80e22cff13bd

    • SHA512

      58e3fc424c8019410f58026b05892ea6fa398a3d8631599329acdae8d5c10f19a20be0c25b512f56cb111d6d559b3ff46c0f49997454195b54dd72bfeb52dbd1

    Score
    10/10
    ratpersistencebotnetstealernetwire

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks