Overview

overview

10

Static

static

Proof of Payment.exe

windows7_x64

10

Proof of Payment.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Proof of Payment.exe

  • Size

    669KB

  • Sample

    210112-fan4vmkhm6

  • MD5

    4ec018f96f78c1bb6425f5e1bb71f6da

  • SHA1

    5190f3d25beaebda68285ed0dae5241fcd1b2162

  • SHA256

    ee564dc0c72681dd264376c496603592961ed0025f607f5b5b0a9f025fa521bc

  • SHA512

    d7565e7928794486a4f4e30726030bab108e2d3b99ddc30171802f1f8dc820957850fcd610ae5e8468d24374d2efd9b5bf8040fd8ab6e9cd9bd049cd6cf2b5c9

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Proof of Payment.exe

    • Size

      669KB

    • MD5

      4ec018f96f78c1bb6425f5e1bb71f6da

    • SHA1

      5190f3d25beaebda68285ed0dae5241fcd1b2162

    • SHA256

      ee564dc0c72681dd264376c496603592961ed0025f607f5b5b0a9f025fa521bc

    • SHA512

      d7565e7928794486a4f4e30726030bab108e2d3b99ddc30171802f1f8dc820957850fcd610ae5e8468d24374d2efd9b5bf8040fd8ab6e9cd9bd049cd6cf2b5c9

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks