3loyaSLADo1ZNLp.exe

General

Target: 3loyaSLADo1ZNLp.exe
Size: 1MB
Sample: 210712-q2wpdb35f2
Score: 10/10
MD5: 6446daba47a6a46d3f10a1c3504223d0
SHA1: e97d50eb97e3f4d70680d43c2d18c418e207e4fe
SHA256: 8564faf328ce5c253f4b6b3462402634e64ce8caefeb18428c2dcb4d454ee996
SHA512: 1a33ca90af589f6b8ec0d41836a96c5d1d712fd01818d44c096db9839e7f8e873fed5d191b36911de29f1243bc260c1301328f97d7f3a5f8312ad04853db792d

Malware Config

Extracted

Family: netwire
C2: dxyasser0.zapto.org:1212

Attributes
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: 123
registry_autorun: false
startup_name:
use_mutex: false
Signatures

  • NetWire RAT payload

  • Netwire

    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Suspicious use of SetThreadContext

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10