Overview

overview

10

Static

static

Payment no...on.exe

windows7_x64

10

Payment no...on.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment notification.exe

  • Size

    758KB

  • Sample

    210111-kwxrr813wx

  • MD5

    1ddc40fd6ae75ccf9fffe1f0a01a9d63

  • SHA1

    8183320a9a31c56f31e482d76240afbb4a6dae54

  • SHA256

    26227234f11b155d504617e9580d22efe5a9f95d52ce767bade994da339d0d90

  • SHA512

    e940a839860e2ec7c0471392bc010165aaaed2be98f3e6cec504750ceede14aa3d1f44eb5d7c7b7b05fd1f106f3a44c2dd1cbb5050255430553554b7be866203

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Payment notification.exe

    • Size

      758KB

    • MD5

      1ddc40fd6ae75ccf9fffe1f0a01a9d63

    • SHA1

      8183320a9a31c56f31e482d76240afbb4a6dae54

    • SHA256

      26227234f11b155d504617e9580d22efe5a9f95d52ce767bade994da339d0d90

    • SHA512

      e940a839860e2ec7c0471392bc010165aaaed2be98f3e6cec504750ceede14aa3d1f44eb5d7c7b7b05fd1f106f3a44c2dd1cbb5050255430553554b7be866203

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks