b325c03e9582b83c544796f4518fa68b93053b1d21079049f9a8ddf6700a392a.bin

General
Target

b325c03e9582b83c544796f4518fa68b93053b1d21079049f9a8ddf6700a392a.bin

Size

1MB

Sample

210719-e1vp3asjpa

Score

10/10

MD5

2d619dfd3178ee2ffbcfc488c1211d4f

SHA1

971cf6179b962d3612d0aff277960e0638017401

SHA256

b325c03e9582b83c544796f4518fa68b93053b1d21079049f9a8ddf6700a392a

SHA512

0611fd9ec274528b0b1a993291bfcec35e9aabb54203855b524cccc70e582958686239cce33c1c01427cc5d8a3baeb13d753c03feaf00b856a72742808f0c7fe

Malware Config
Targets
Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

5/10