Overview

overview

10

Static

static

1

307e257292...42.exe

windows7_x64

10

307e257292...42.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    307e257292be5d47304c1712c8bd1342.exe

  • Size

    386KB

  • Sample

    210305-qvhjeljlae

  • MD5

    307e257292be5d47304c1712c8bd1342

  • SHA1

    b22e2b425e3a663f7404579ebf03507713b45959

  • SHA256

    31a804fddf5f1ed1d5c1a69772bc92026f90696a6903a3a7ebaf7aef6dfa9478

  • SHA512

    8496a01a16daa648eb802d3b5ad5e06fb431202f6681afe53f6ab4c7876018169d86963574b7202e7c8653e586df64f280a21432fd4cc3ad82a97b4825db522f

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      307e257292be5d47304c1712c8bd1342.exe

    • Size

      386KB

    • MD5

      307e257292be5d47304c1712c8bd1342

    • SHA1

      b22e2b425e3a663f7404579ebf03507713b45959

    • SHA256

      31a804fddf5f1ed1d5c1a69772bc92026f90696a6903a3a7ebaf7aef6dfa9478

    • SHA512

      8496a01a16daa648eb802d3b5ad5e06fb431202f6681afe53f6ab4c7876018169d86963574b7202e7c8653e586df64f280a21432fd4cc3ad82a97b4825db522f

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks