General

  • Target

    89131afc96de0cd44e971162b031da651db8cafb.exe

  • Size

    160KB

  • Sample

    210104-3wqc46pa6n

  • MD5

    5b2b28f9f863e885d1e5244f86611afb

  • SHA1

    89131afc96de0cd44e971162b031da651db8cafb

  • SHA256

    bc066cca1e34bf168dec9ade1a04e015150658c07567ab0524c9a715ceccdd6e

  • SHA512

    330d7be84cfe5ad5151a73825adb0e80179aee1b5307fbe32f915f6ba3ea82d13f85c695f597def1c887ee00f55cd97989a351534d15b07c6fbbf0a1ba9585a9

Malware Config

Targets

    • Target

      89131afc96de0cd44e971162b031da651db8cafb.exe

    • Size

      160KB

    • MD5

      5b2b28f9f863e885d1e5244f86611afb

    • SHA1

      89131afc96de0cd44e971162b031da651db8cafb

    • SHA256

      bc066cca1e34bf168dec9ade1a04e015150658c07567ab0524c9a715ceccdd6e

    • SHA512

      330d7be84cfe5ad5151a73825adb0e80179aee1b5307fbe32f915f6ba3ea82d13f85c695f597def1c887ee00f55cd97989a351534d15b07c6fbbf0a1ba9585a9

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks