PO-13918.jpeg.exe

General
Target

PO-13918.jpeg.exe

Size

814KB

Sample

210714-tnkb1m82le

Score
10 /10
MD5

39354b7b1d0dda28b95785b967621c07

SHA1

e0e21df731ac7e2bcaa1fa1ca0a3f12936a111a4

SHA256

ff32e93cbeacbeda2437159fc90e1c0a4b6b1d7fa160a931fe80801ba6e3311d

SHA512

ba6eb8b059b0ac8b420facc74c41ac0cd46e790f943c83c37902399e500239937d4424ed4e49226c2dfcd47e37ecee07f24894c67e1b0b5e43848a75f6a59619

Malware Config

Extracted

Family netwire
C2

netwire.linkpc.net:6000

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
NETWIRE 2021
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
RRMkVNlN
offline_keylogger
true
password
chizzy25@
registry_autorun
false
startup_name
use_mutex
true
Targets
Target

PO-13918.jpeg.exe

MD5

39354b7b1d0dda28b95785b967621c07

Filesize

814KB

Score
10 /10
SHA1

e0e21df731ac7e2bcaa1fa1ca0a3f12936a111a4

SHA256

ff32e93cbeacbeda2437159fc90e1c0a4b6b1d7fa160a931fe80801ba6e3311d

SHA512

ba6eb8b059b0ac8b420facc74c41ac0cd46e790f943c83c37902399e500239937d4424ed4e49226c2dfcd47e37ecee07f24894c67e1b0b5e43848a75f6a59619

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10