e101b909b756b3c91655dc0ba5073887162757a17d643c6df230d5bdb228ff96.bin

General

Target: e101b909b756b3c91655dc0ba5073887162757a17d643c6df230d5bdb228ff96.bin
Size: 247KB
Sample: 210719-aqbqg4z53x
Score: 10/10
MD5: a3e07383b17726ab7223d618658fa337
SHA1: 14e19e38d30878eb633c9c0170a7ca441976f5e4
SHA256: e101b909b756b3c91655dc0ba5073887162757a17d643c6df230d5bdb228ff96
SHA512: d4658d341eece6898c7aad9ca90389f969288210a490232b808bcc08527f50607fa3635345271e9e414c26831779d9c5c5fc25a4df22ee4ee2dd025d5191bb9e

Malware Config

Extracted

Family: netwire
C2:
  127.0.0.1:3360
  chrisle79.ddns.net:4414
  jacknop79.ddns.net:4414
  smath79.ddns.net:4414
  whatis79.ddns.net:4414
  goodgt79.ddns.net:4414
  bonding79.ddns.net:4414

Attributes
  activex_autorun: false
  activex_key:
  copy_executable: false
  delete_original: false
  host_id: June 2021
  install_path:
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex:
  offline_keylogger: true
  password: Password2$
  registry_autorun: false
  startup_name:
  use_mutex: false
Targets

Target: e101b909b756b3c91655dc0ba5073887162757a17d643c6df230d5bdb228ff96.bin

Signatures

  • Modifies WinLogon for persistence
    TTPs: Winlogon Helper DLL, Modify Registry
  • NetWire RAT payload
  • Netwire
    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
  • Suspicious use of SetThreadContext

Tasks: static1