General

  • Target

    a91e13d3_extracted

  • Size

    148KB

  • Sample

    210304-bzmfds1442

  • MD5

    db9234aba32d674eea9759c1d30ec93a

  • SHA1

    d5ac9a2f2c89d49647c8b51e682128c4abe25fbe

  • SHA256

    8f1e1b819eac04fc624b5ec2395b1664ab50ed641e4b04c15898cadf720c9a92

  • SHA512

    906f8551ab4fe10d6d64f2bc8b593e42c8788bd61c6c03a071eb47e7f528a44313b7a9e6049ea0fd1f1d7a938e188fc4f354325c7dbdfc98e9a23e21c995fa93

Malware Config

Targets

    • Target

      a91e13d3_extracted

    • Size

      148KB

    • MD5

      db9234aba32d674eea9759c1d30ec93a

    • SHA1

      d5ac9a2f2c89d49647c8b51e682128c4abe25fbe

    • SHA256

      8f1e1b819eac04fc624b5ec2395b1664ab50ed641e4b04c15898cadf720c9a92

    • SHA512

      906f8551ab4fe10d6d64f2bc8b593e42c8788bd61c6c03a071eb47e7f528a44313b7a9e6049ea0fd1f1d7a938e188fc4f354325c7dbdfc98e9a23e21c995fa93

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks