Overview

overview

10

Static

static

KR033172A5...DF.exe

windows7_x64

10

KR033172A5...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KR033172A562700243.PDF.exe

  • Size

    789KB

  • Sample

    210421-l286vjmhw6

  • MD5

    5ca9ea11f89e982fc93ad12e656648a8

  • SHA1

    0d0bd9cb9549638218db8c3442a3047e25ffc9a9

  • SHA256

    9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f

  • SHA512

    cd4f2d1ba153dea1d28a12d9566fdf5bb183ba795584b7e6dc049cb5e4fb1c007fa6581c1cec77f0c0917b9050300dc54213fdc877ab5c69905237dd8dff8262

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

194.156.90.31:5008

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    APRL-WORK

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Targets

    • Target

      KR033172A562700243.PDF.exe

    • Size

      789KB

    • MD5

      5ca9ea11f89e982fc93ad12e656648a8

    • SHA1

      0d0bd9cb9549638218db8c3442a3047e25ffc9a9

    • SHA256

      9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f

    • SHA512

      cd4f2d1ba153dea1d28a12d9566fdf5bb183ba795584b7e6dc049cb5e4fb1c007fa6581c1cec77f0c0917b9050300dc54213fdc877ab5c69905237dd8dff8262

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks