307e257292be5d47304c1712c8bd1342.exe

General
Target

307e257292be5d47304c1712c8bd1342.exe

Size

386KB

Sample

210305-qvhjeljlae

Score

10/10
MD5

307e257292be5d47304c1712c8bd1342

SHA1

b22e2b425e3a663f7404579ebf03507713b45959

SHA256

31a804fddf5f1ed1d5c1a69772bc92026f90696a6903a3a7ebaf7aef6dfa9478

SHA512

8496a01a16daa648eb802d3b5ad5e06fb431202f6681afe53f6ab4c7876018169d86963574b7202e7c8653e586df64f280a21432fd4cc3ad82a97b4825db522f

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

1/10

behavioral1

10/10

behavioral2

10/10