Overview

overview

10

Static

static

Scan_20201...ls.exe

windows7_x64

10

Scan_20201...ls.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scan_202011200113(1)xls.exe

  • Size

    314KB

  • Sample

    201120-hms1bfar56

  • MD5

    527db00719b6964cfce4b2b21807bd50

  • SHA1

    333445d3997af140d77521c130e1dde9fd4ac610

  • SHA256

    91ebd3307ce041d7a369a6fed08ec67c6bbfe49614342dd74a8ef6787d4ad837

  • SHA512

    f2dbeed31ab519e262e2c9a61b3019759dcac525b173c1d96cc696e7427a85a658a69626f3a6e283b4686b0325c9d6b3f31322c67bee9999c0347f375bef1354

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      Scan_202011200113(1)xls.exe

    • Size

      314KB

    • MD5

      527db00719b6964cfce4b2b21807bd50

    • SHA1

      333445d3997af140d77521c130e1dde9fd4ac610

    • SHA256

      91ebd3307ce041d7a369a6fed08ec67c6bbfe49614342dd74a8ef6787d4ad837

    • SHA512

      f2dbeed31ab519e262e2c9a61b3019759dcac525b173c1d96cc696e7427a85a658a69626f3a6e283b4686b0325c9d6b3f31322c67bee9999c0347f375bef1354

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks