Overview

overview

10

Static

static

b61d866837...c9.exe

windows7_x64

10

b61d866837...c9.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b61d866837ca60df01c1465e028db4c9.exe

  • Size

    3.3MB

  • Sample

    210113-h7zdq1radj

  • MD5

    b61d866837ca60df01c1465e028db4c9

  • SHA1

    53d4b6d751dcbf1cf6d8de3f8f50aedc2896d66a

  • SHA256

    b6c6f8ac58b7838c87ccf2b36b2f7005c6dd86792575e1e8c7ccce30d7d6a878

  • SHA512

    f02ece67642717bc55896d8802c6011e7023741583f05c09d626d326b5eba968ba3e7ccdde9c846d62389caf9ed9f6d63977fec2bd57195203f1b79cfff78070

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      b61d866837ca60df01c1465e028db4c9.exe

    • Size

      3.3MB

    • MD5

      b61d866837ca60df01c1465e028db4c9

    • SHA1

      53d4b6d751dcbf1cf6d8de3f8f50aedc2896d66a

    • SHA256

      b6c6f8ac58b7838c87ccf2b36b2f7005c6dd86792575e1e8c7ccce30d7d6a878

    • SHA512

      f02ece67642717bc55896d8802c6011e7023741583f05c09d626d326b5eba968ba3e7ccdde9c846d62389caf9ed9f6d63977fec2bd57195203f1b79cfff78070

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks