General

  • Target

    467e17b8d44626b7456716680e3d043d.exe

  • Size

    349KB

  • Sample

    210630-316zqn4dna

  • MD5

    467e17b8d44626b7456716680e3d043d

  • SHA1

    6636511ae14abb0f2554199b4ed8977def1d9b8a

  • SHA256

    cf2aec2969353dc99a7f715ac818212b42b8cff7a58c9109442f2c65ff62de42

  • SHA512

    5f3a0f47bfe3f1784849c9ddedc30e489b5d37cbb0a73c488ab58efc7a777d0d5e0c5a5abef63661166003b623224d6990b8baa160d6e398dc804b4c2fb941a7

Malware Config

Extracted

Family

netwire

C2

66.154.103.106:13374

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    myphone

  • install_path

  • keylogger_dir

  • lock_executable

    false

  • mutex

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Targets

    • Target

      467e17b8d44626b7456716680e3d043d.exe

    • Size

      349KB

    • MD5

      467e17b8d44626b7456716680e3d043d

    • SHA1

      6636511ae14abb0f2554199b4ed8977def1d9b8a

    • SHA256

      cf2aec2969353dc99a7f715ac818212b42b8cff7a58c9109442f2c65ff62de42

    • SHA512

      5f3a0f47bfe3f1784849c9ddedc30e489b5d37cbb0a73c488ab58efc7a777d0d5e0c5a5abef63661166003b623224d6990b8baa160d6e398dc804b4c2fb941a7

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks