Overview

overview

10

Static

static

PaymentCon...on.exe

windows7_x64

10

PaymentCon...on.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PaymentConformation.exe

  • Size

    433KB

  • Sample

    201119-827d3tm8l6

  • MD5

    01ab21e031e660ecf392be7d5c1fa62b

  • SHA1

    714a081ddcd9cfc1bfaed0969866d87c11c34c6a

  • SHA256

    060ef35b985d05b93d0e647a68cdbb83d651a8b5fb36b234c94f3181d2d30aa3

  • SHA512

    635852a7824e0dca60181b027ff580875d087491cc8093111d7f4f1a668ec51e94f32642b4913720ed93b8d491ae5073c7462b2cfde5484e32475980ca5983b7

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      PaymentConformation.exe

    • Size

      433KB

    • MD5

      01ab21e031e660ecf392be7d5c1fa62b

    • SHA1

      714a081ddcd9cfc1bfaed0969866d87c11c34c6a

    • SHA256

      060ef35b985d05b93d0e647a68cdbb83d651a8b5fb36b234c94f3181d2d30aa3

    • SHA512

      635852a7824e0dca60181b027ff580875d087491cc8093111d7f4f1a668ec51e94f32642b4913720ed93b8d491ae5073c7462b2cfde5484e32475980ca5983b7

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks