General

  • Target

    Payment confirmation .exe

  • Size

    1.6MB

  • Sample

    210118-f3x2x9cpa6

  • MD5

    2299048ac257199bc80f93b0fd6673cd

  • SHA1

    632022248fa68c9ca1ca44faab162db16aa6c0f9

  • SHA256

    29cc53d38f8523b0828802c5d901de1590ac7f534bd1a6df1bf06748b9568f62

  • SHA512

    3a13094681b0151b79741b3e3901b679766e6994fd518cd55034ff5797a091082184107b645adca8db892213a9bac8ba2973ba333fe83690e8f42cfe0747e03b

Malware Config

Targets

    • Target

      Payment confirmation .exe

    • Size

      1.6MB

    • MD5

      2299048ac257199bc80f93b0fd6673cd

    • SHA1

      632022248fa68c9ca1ca44faab162db16aa6c0f9

    • SHA256

      29cc53d38f8523b0828802c5d901de1590ac7f534bd1a6df1bf06748b9568f62

    • SHA512

      3a13094681b0151b79741b3e3901b679766e6994fd518cd55034ff5797a091082184107b645adca8db892213a9bac8ba2973ba333fe83690e8f42cfe0747e03b

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Drops startup file

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks