KR033172A562700243.PDF.exe

General

Target: KR033172A562700243.PDF.exe
Size: 789KB
Sample: 210421-l286vjmhw6
Score: 10/10
MD5: 5ca9ea11f89e982fc93ad12e656648a8
SHA1: 0d0bd9cb9549638218db8c3442a3047e25ffc9a9
SHA256: 9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f
SHA512: cd4f2d1ba153dea1d28a12d9566fdf5bb183ba795584b7e6dc049cb5e4fb1c007fa6581c1cec77f0c0917b9050300dc54213fdc877ab5c69905237dd8dff8262

Malware Config

Extracted

Family: netwire
C2: 194.156.90.31:5008

Attributes
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: APRL-WORK
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false

Signatures

  • NetWire RAT payload

  • Netwire

    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic column headers only; no techniques are listed in this report)

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10