Overview

overview

10

Static

static

b2474f4fff...75.exe

windows7_x64

10

b2474f4fff...75.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2474f4fff2fe8de9b91642837364f75

  • Size

    394KB

  • Sample

    201117-rbwgb9efbj

  • MD5

    b2474f4fff2fe8de9b91642837364f75

  • SHA1

    4c502f32d0d29750b4a821944af6861722428b0d

  • SHA256

    0e950de0479f62a50178a15909a1ee421345b0ad6cfda87ef9bb453afad71b54

  • SHA512

    6180fde282e396c9011630cd060272df19cc3b532b8f55389da83dda0df41f1e473c1097844709a8fe1d7f4caa6c4d990dc2555907556b67c8cf96d26fe3a5c4

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      b2474f4fff2fe8de9b91642837364f75

    • Size

      394KB

    • MD5

      b2474f4fff2fe8de9b91642837364f75

    • SHA1

      4c502f32d0d29750b4a821944af6861722428b0d

    • SHA256

      0e950de0479f62a50178a15909a1ee421345b0ad6cfda87ef9bb453afad71b54

    • SHA512

      6180fde282e396c9011630cd060272df19cc3b532b8f55389da83dda0df41f1e473c1097844709a8fe1d7f4caa6c4d990dc2555907556b67c8cf96d26fe3a5c4

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks