General

  • Target

    Albedo Telecom Price 202106075254-Request.XLS.exe

  • Size

    1.5MB

  • Sample

    210607-8wd9ymlapx

  • MD5

    4da0b88dce6ebc7197555fbd66d07224

  • SHA1

    5d410ff26c177bfa4cd74fe472a7043e89091fda

  • SHA256

    27fc1cbcf702e483b8eec78bc2605e0d45dda7f0dae2c0adcd6f90b396a1151e

  • SHA512

    46f1cbd558e24a257a7ec75f90908c76891722362dcf0d13a9615d0f660ed9671880984acd7ebfaed6f53d8b3ffa45ca0a920ed9889e87ecb67dab754661afdc

Malware Config

Extracted

Family

netwire

C2

finerthings.duckdns.org:3021

Attributes

  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    H23053OIGS

  • install_path

  • keylogger_dir

  • lock_executable

    false

  • mutex

  • offline_keylogger

    false

  • password

    finerthings@963

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Targets

    • Target

      Albedo Telecom Price 202106075254-Request.XLS.exe

    • Size

      1.5MB

    • MD5

      4da0b88dce6ebc7197555fbd66d07224

    • SHA1

      5d410ff26c177bfa4cd74fe472a7043e89091fda

    • SHA256

      27fc1cbcf702e483b8eec78bc2605e0d45dda7f0dae2c0adcd6f90b396a1151e

    • SHA512

      46f1cbd558e24a257a7ec75f90908c76891722362dcf0d13a9615d0f660ed9671880984acd7ebfaed6f53d8b3ffa45ca0a920ed9889e87ecb67dab754661afdc

    • NetWire RAT payload

    • Netwire

      NetWire is a RAT whose main functionality is password stealing and keylogging, but it also includes remote control capabilities.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
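The extracted configuration above gives three things a responder can act on immediately: the file hashes, the C2 host and port (finerthings.duckdns.org:3021), and the lure filename, which uses a double extension (".XLS.exe") so it appears to be an Excel workbook. The following is an added illustrative triage helper, not part of this report or of the sandbox's tooling. It recomputes the four digests the report lists so a suspect file can be compared against them, flags document-looking names that actually end in an executable extension, and scans connection-log lines for the C2 host while noting whether the port matches the extracted config (the domain is dynamic DNS, so the operator can move ports). The log lines and the process image names in them are constructed for the example and are assumptions, not data from the report.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "4da0b88dce6ebc7197555fbd66d07224",
    "sha1": "5d410ff26c177bfa4cd74fe472a7043e89091fda",
    "sha256": "27fc1cbcf702e483b8eec78bc2605e0d45dda7f0dae2c0adcd6f90b396a1151e",
    "sha512": "46f1cbd558e24a257a7ec75f90908c76891722362dcf0d13a9615d0f660ed967"
              "1880984acd7ebfaed6f53d8b3ffa45ca0a920ed9889e87ecb67dab754661afdc",
}
C2_HOST = "finerthings.duckdns.org"
C2_PORT = 3021
LURE_NAME = "Albedo Telecom Price 202106075254-Request.XLS.exe"


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> list:
    """Return the names of the report's hashes that match the supplied bytes."""
    digests = hash_bytes(data)
    return [name for name, value in REPORT_IOCS.items() if digests[name] == value]


# Document-style extension immediately followed by an executable extension.
DOUBLE_EXT = re.compile(r"\.(xls|xlsx|doc|docx|pdf|csv)\.(exe|scr|com|pif|bat|cmd)$",
                        re.IGNORECASE)


def is_masquerading_filename(name: str) -> bool:
    """True for names like 'Price-Request.XLS.exe' that pose as documents."""
    return DOUBLE_EXT.search(name) is not None


# Constructed, simplified connection-log lines (assumption: not from the report)
# in "timestamp image dst_host:dst_port" form, as an EDR or proxy export might give.
SAMPLE_LOG = """\
2021-06-07T08:12:01Z vbc.exe finerthings.duckdns.org:3021
2021-06-07T08:12:05Z chrome.exe www.example.com:443
2021-06-07T08:13:22Z vbc.exe finerthings.duckdns.org:3021
2021-06-07T08:14:00Z svchost.exe finerthings.duckdns.org:443
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+([^:\s]+):(\d+)$")


def find_c2_connections(log_text: str) -> list:
    """Return every connection to the C2 host, noting whether the port matches config.

    Matching on the host alone is deliberate: a dynamic-DNS name stays the same
    even if the operator rebinds the listener to another port.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected shape
        ts, image, host, port = m.groups()
        if host.lower() != C2_HOST:
            continue
        hits.append({
            "time": ts,
            "image": image,
            "port": int(port),
            "port_matches_config": int(port) == C2_PORT,
        })
    return hits


if __name__ == "__main__":
    print("lure masquerades as document:", is_masquerading_filename(LURE_NAME))
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
```

To compare a real file, read its bytes and pass them to `matches_report`; any non-empty result means the file is the sample in this report (a match on SHA256 alone is sufficient, the weaker digests are listed only because the report lists them).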

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scripting                     1      T1064
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Scripting                     1      T1064
  Discovery             System Information Discovery  1      T1082

Tasks