General

  • Target

    FeDEx TRACKING DETAILS.exe

  • Size

    316KB

  • Sample

    210114-4adxdcey96

  • MD5

    0292ee96deb8fbe4c3bc279de12dde93

  • SHA1

    8f6211f205370504d7a5178d4ccab9bd153a2f26

  • SHA256

    a7813261c3c899e29185faee49f8a63d4e81a2da6acccb4cc57add4c5646e37d

  • SHA512

    2c9ae44681bc51b0282e6a348f6a3692c6d57399417040ef004c73e93150384fa10affdaad987be92d1b7538aaedfb73d8628a72ecd94bcd95322c2333400312

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

Tasks