Overview

overview

10

Static

static

Proof Of Payment.exe

windows7_x64

10

Proof Of Payment.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Proof Of Payment.exe

  • Size

    1.4MB

  • Sample

    210119-23avatdwdj

  • MD5

    b09c19f4d896b873476bce03ff91207f

  • SHA1

    2d10ce9d6635ba0bc7787bc25e83f91e6c138a38

  • SHA256

    c8dd40f09de4d85fa155fab0b763b1cba2d8381617eee03932d0edd221c33fef

  • SHA512

    367341a093421f25f560ac9cc2d5e36932af225a72fc5ee8af9d7f1135f6f4f4d135d9bd927203979be4bcccbc3559e558190b4ecdc43d7502205131af0b15ea

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Proof Of Payment.exe

    • Size

      1.4MB

    • MD5

      b09c19f4d896b873476bce03ff91207f

    • SHA1

      2d10ce9d6635ba0bc7787bc25e83f91e6c138a38

    • SHA256

      c8dd40f09de4d85fa155fab0b763b1cba2d8381617eee03932d0edd221c33fef

    • SHA512

      367341a093421f25f560ac9cc2d5e36932af225a72fc5ee8af9d7f1135f6f4f4d135d9bd927203979be4bcccbc3559e558190b4ecdc43d7502205131af0b15ea

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks