General

  • Target

    Nizi International S.A. #New Order.exe

  • Size

    468KB

  • Sample

    210624-nlljv618kn

  • MD5

    4697f45d7a2c5e60372f8d9548d4b75a

  • SHA1

    ee7ba79d497b776b301a7a233e1b84a325ba07b9

  • SHA256

    42949a2f912c87695ebffdd714eae9ae470935a2323f75a937fa3521155b3701

  • SHA512

    78b32bf01891c31307221223ad91f3a57c99766d80ba39b1d53fd454ff029542d5d094650e31fe7e440e5b99474e778730d131877cd8e8131c25ecbff922cb42

Malware Config

Extracted

Family

netwire

C2

sipex2021.ddns.net:8753

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false
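The extracted configuration above is the useful part of this report for a defender: the C2 host and port, the keylogger log directory and the host-ID template are all pivotable indicators. The following added example (not code from the sandbox, the page, or the malware itself) parses the bullet-style key/value list exactly as it is printed above into a normalized dictionary, splits the C2 string into host and port, and then runs a small two-stage match over constructed log lines: DNS answers for the C2 hostname seed a set of resolved IPs, and any later connection to one of those IPs on the C2 port is flagged even when the lookup that preceded it was not logged. The log format, the IP addresses (TEST-NET-1 documentation range) and the assumption that `%Rand%` in `host_id` is a runtime-substituted random token are all constructed for illustration.

```python
"""Parse an extracted NetWire config (bullet list format) and match its C2 indicator
against network log lines.  Added example; not code from the sandbox or the malware."""
import re
from typing import Dict, List, Tuple, Union

BULLET = "\u2022"  # the "•" marker the report uses in front of each attribute name

# Config block copied from the report above; Family and C2 written as bullets so the
# same parser handles them.  Raw string keeps the backslashes in keylogger_dir intact.
CONFIG_TEXT = r"""
  • Family

    netwire

  • C2

    sipex2021.ddns.net:8753

  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false
"""


def parse_config(text: str) -> Dict[str, str]:
    """Bullet lines are keys; the next non-empty, non-bullet line is that key's value.
    A key followed directly by another bullet (activex_key, install_path, mutex,
    startup_name above) is kept with an empty string so the field is not lost."""
    cfg: Dict[str, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BULLET):
            key = line[len(BULLET):].strip()
            cfg[key] = ""
        elif key is not None:
            cfg[key] = line
    return cfg


def normalize(cfg: Dict[str, str]) -> Dict[str, Union[str, bool]]:
    """Turn the literal 'true'/'false' strings into booleans; leave everything else."""
    return {k: (v == "true") if v in ("true", "false") else v for k, v in cfg.items()}


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' on the last colon (so an IPv6 literal would not break it)."""
    host, _, port = c2.rpartition(":")
    return host.lower().rstrip("."), int(port)


def host_id_regex(template: str) -> "re.Pattern[str]":
    """Regex for the beacon host ID.  Assumption: %Rand% is replaced at runtime by an
    alphanumeric random token, so match the fixed prefix plus any such token."""
    return re.compile("^" + re.escape(template).replace("%Rand%", r"[A-Za-z0-9]+") + "$")


# Constructed log lines; 192.0.2.0/24 is a documentation range, not a real resolution.
SAMPLE_LOGS = [
    "2021-06-24T10:01:02Z dns query=sipex2021.ddns.net answer=192.0.2.10 src=10.0.0.5",
    "2021-06-24T10:01:03Z conn src=10.0.0.5:49812 dst=192.0.2.10:8753 proto=tcp",
    "2021-06-24T10:02:00Z dns query=update.example.com answer=192.0.2.20 src=10.0.0.7",
    "2021-06-24T10:02:05Z conn src=10.0.0.7:49900 dst=192.0.2.20:443 proto=tcp",
    "2021-06-24T10:03:00Z conn src=10.0.0.9:50011 dst=192.0.2.10:8753 proto=tcp",
]
DNS_RE = re.compile(r"dns query=(?P<q>\S+) answer=(?P<a>[\d.]+)")
CONN_RE = re.compile(r"conn src=\S+ dst=(?P<ip>[\d.]+):(?P<port>\d+)")


def find_c2_activity(log_lines: List[str], host: str, port: int) -> List[str]:
    """Stage 1: any DNS answer for the C2 hostname is a hit and records the resolved IP.
    Stage 2: any connection to a recorded IP on the C2 port is a hit, which also catches
    hosts whose DNS lookup was not logged (the last sample line)."""
    c2_ips: set = set()
    hits: List[str] = []
    for line in log_lines:
        m = DNS_RE.search(line)
        if m and m.group("q").lower().rstrip(".") == host:
            c2_ips.add(m.group("a"))
            hits.append(line)
            continue
        m = CONN_RE.search(line)
        if m and m.group("ip") in c2_ips and int(m.group("port")) == port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    config = normalize(parse_config(CONFIG_TEXT))
    c2_host, c2_port = parse_c2(str(config["C2"]))
    print("config:", config)
    for hit in find_c2_activity(SAMPLE_LOGS, c2_host, c2_port):
        print("C2 activity:", hit)
```

The hostname comparison is exact (after lower-casing and stripping a trailing dot) rather than a substring test, so a lookalike such as `xsipex2021.ddns.net` is not flagged; if you feed this real Zeek or Suricata output you will need to adjust `DNS_RE` and `CONN_RE` to that format, and you should treat the resolved IP set as volatile, because dynamic-DNS C2 names like this one change address often.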

Targets

    • Target

      Nizi International S.A. #New Order.exe

    • Size

      468KB

    • NetWire RAT payload

    • Netwire

      NetWire is a RAT whose main functionality is password stealing and keylogging, but it also includes remote-control capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1 matching signature
