FedEx Shipment.exe

General

Target: FedEx Shipment.exe
Size: 738KB
Sample: 210305-znfhyn4yqn
Score: 10/10
MD5: 20e5be824638df2b4f86520d5a5a0cad
SHA1: 5e3a464ce7ebaf297438e52dd6c9eaf374217eed
SHA256: cef2f777b4c29a5ced187382e3c0a0ee61d4c71471fc5d100b78a4e88f4324de
SHA512: 238b8f441a6d5c17c407ff254928bb17ef7ed06143a23187842f9ab3012263913055672ea67c32351f2be9d2b2fa6f7e0a2a7af2260514870418dcf19fc11a11

Malware Config

Signatures

  • NetWire RAT payload
    Tags: Netwire
    Description: NetWire is a RAT whose main functionality is password stealing and keylogging; it also includes remote-control capabilities.
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder (T1547.001), Modify Registry (T1112)
  • Suspicious use of SetThreadContext
    SetThreadContext rewrites another thread's register state, including the instruction pointer. Outside a debugger it is a common injection primitive (process hollowing, thread hijacking), where a payload is written into a suspended process and its thread is redirected to it, hence the suspicion.
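The check a responder would run against the "Adds Run key to start application" signature, written here as an added example that is not part of the sandbox report or of the NetWire sample: the script parses a Windows .reg export of the Run/RunOnce keys and flags autostart values whose command references a user-writable directory, launches through a script host or LOLBin, or has an unquoted image path with spaces. The sample export (value names and paths), the directory heuristics and the launcher list are constructed for illustration and are assumptions, not data from this report.

```python
"""Run-key persistence triage over a Windows .reg export.

Added example for this report; not code from the sandbox or from the sample.
It parses the Run/RunOnce keys from a .reg export and flags autostart values
that look like a dropped RAT rather than installed software. The sample export,
the directory heuristics and the launcher list are constructed for illustration.
"""
import re
from typing import Dict, List

# Autostart keys behind the "Adds Run key to start application" signature
# (ATT&CK T1547.001). Matches HKCU, HKLM (incl. Wow6432Node) and HKU\<SID>.
RUN_KEY_RE = re.compile(
    r"^\[(?:HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKEY_USERS\\[^\\]+)\\"
    r"Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce)\]$",
    re.IGNORECASE,
)
# "Name"="data" lines; .reg escapes backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristics (assumptions, not from the report): directories an unprivileged
# user can write to, and launchers whose real payload sits in the arguments.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\",
                      "\\windows\\temp\\", "\\temp\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".vbs", ".js", ".dll", ".ps1")

# Constructed .reg export: names and paths are invented for this example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WindowsUpdate"="\"C:\\Users\\victim\\AppData\\Roaming\\svchost\\update.exe\""
"Loader"="C:\\Users\\victim\\AppData\\Local\\Temp\\ld.exe -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\""
"Updater"="wscript.exe //B \"C:\\ProgramData\\u.vbs\""
"AcmeBackup"="C:\\Program Files\\Acme Backup\\agent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def unescape(s: str) -> str:
    """Undo .reg backslash escaping (doubled backslash, escaped quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def image_path(cmd: str) -> str:
    """Executable named by a Run value's command line.

    A quoted path is returned whole; an unquoted one is cut at the first space,
    which is the same ambiguity CreateProcess has to resolve for such entries.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_run_keys(reg_text: str) -> List[Dict[str, str]]:
    """Return {key, name, command, image} for every value under a Run/RunOnce key."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = line[1:-1] if RUN_KEY_RE.match(line) else None
            continue
        m = VALUE_RE.match(line) if current else None
        if m:
            cmd = unescape(m.group(2))
            entries.append({"key": current, "name": unescape(m.group(1)),
                            "command": cmd, "image": image_path(cmd)})
    return entries


def flag_reasons(entry: Dict[str, str]) -> List[str]:
    """Why an autostart entry looks like dropped malware rather than installed software."""
    cmd, img = entry["command"].lower(), entry["image"].lower()
    reasons = []
    if any(d in cmd for d in USER_WRITABLE_DIRS):
        reasons.append("references a user-writable directory")
    if img.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        reasons.append("script host / LOLBin launcher, payload is in the arguments")
    if (not entry["command"].startswith('"') and " " in entry["command"]
            and not img.endswith(EXEC_EXTS)):
        reasons.append("unquoted image path with spaces (CreateProcess tries each prefix)")
    return reasons


def triage(reg_text: str) -> List[Dict[str, object]]:
    """Parse a .reg export and return only the Run-key entries with findings."""
    return [{**e, "reasons": flag_reasons(e)}
            for e in parse_run_keys(reg_text) if flag_reasons(e)]


if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f"[{f['key']}] {f['name']}: {f['command']}")
        for r in f["reasons"]:
            print("    -", r)
```

On a live host the input comes from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent), or from Sysmon registry value-set events; the parser is deliberately text-only so it also works on exports pulled from a disk image. The "references a user-writable directory" rule is the one that catches the common RAT pattern of a copy dropped under AppData and registered under an innocuous-looking value name.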

Related Tasks

MITRE ATT&CK Matrix

Tactic columns shown in the report: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The only technique cells carried on this page are the Run-key TTPs listed under Signatures: Registry Run Keys / Startup Folder (Persistence) and Modify Registry (Defense Evasion).

Tasks

static1