Overview

overview

10

Static

static

a81eb03453...67.exe

windows7_x64

10

a81eb03453...67.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a81eb03453ffc1aac6571464d4401a67.exe

  • Size

    236KB

  • Sample

    201203-b1893r6vqj

  • MD5

    a81eb03453ffc1aac6571464d4401a67

  • SHA1

    5248d43ffbf98607c03a7a0d7b7835b5f8e12670

  • SHA256

    7511c244b32ec5bc59ff7173ee5aa83a764ea6607522b79cc99c5537907e50e7

  • SHA512

    b1953ce89afa6955c4ca72580a7f558ae60540ef101371765a04cfd222b293a4d21aa723b8e25961704851998acf1a8d62fde0516583172d6a6465d1d1ee185b

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      a81eb03453ffc1aac6571464d4401a67.exe

    • Size

      236KB

    • MD5

      a81eb03453ffc1aac6571464d4401a67

    • SHA1

      5248d43ffbf98607c03a7a0d7b7835b5f8e12670

    • SHA256

      7511c244b32ec5bc59ff7173ee5aa83a764ea6607522b79cc99c5537907e50e7

    • SHA512

      b1953ce89afa6955c4ca72580a7f558ae60540ef101371765a04cfd222b293a4d21aa723b8e25961704851998acf1a8d62fde0516583172d6a6465d1d1ee185b

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks