6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin

General

Target: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin
Size: 403KB
Sample: 210719-fajl6hrche
Score: 10/10
MD5: 593a29ce11dbd3aa281d170d43f372b1
SHA1: 43e73ff7d4c8143b382dee318a50c4e9d8c5c77c
SHA256: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319
SHA512: 944c7a12b312cfde56ed3c08d424ff12cc3eb0038ac7e7f0554e560b56d13ba8de74a479a98b3b608ba8b6cd8ec733a9adda6e3c9ee21065b6ef288f84c693bb

Malware Config

Extracted

Family: netwire
C2:
  chrisle79.ddns.net:4414
  jacknop79.ddns.net:4414
  smath79.ddns.net:4414
  whatis79.ddns.net:4414
  goodgt79.ddns.net:4414
  bonding79.ddns.net:4414
Attributes:
  activex_autorun: false
  activex_key:
  copy_executable: false
  delete_original: false
  host_id: June 2021
  install_path:
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex:
  offline_keylogger: true
  password: Password2$
  registry_autorun: false
  startup_name:
  use_mutex: false
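The extracted configuration is the most directly actionable part of this report: six dynamic-DNS C2 hosts on one port, plus the directory the offline keylogger writes to. The Python below is an added example (not output of the sandbox and not NetWire's own code) that turns those values into indicators and runs them over a few constructed Sysmon-style log lines, remembering the DNS answer for a C2 hostname so that a later connection to that IP is caught even when the connect event carries no hostname. The log lines, process paths and the 203.0.113.x / 198.51.100.x / 10.0.0.5 addresses are made up for the demo; the hostnames, port and keylogger path are the report's.

```python
"""Turn the extracted NetWire config into IOCs and match them against logs.

Added example for this report, not code from the sandbox or from NetWire.
C2 hosts, port and keylogger directory are the values in the extracted
config above; the log lines are constructed in a Sysmon-like key=value form
(EventID 22 = DNS query, 3 = network connection, 11 = file create).
"""
import re
from dataclasses import dataclass

# Values copied from the extracted config (family: netwire).
NETWIRE_CONFIG = {
    "c2": [
        "chrisle79.ddns.net:4414", "jacknop79.ddns.net:4414",
        "smath79.ddns.net:4414", "whatis79.ddns.net:4414",
        "goodgt79.ddns.net:4414", "bonding79.ddns.net:4414",
    ],
    "keylogger_dir": "%AppData%\\Logs\\",
}

# Constructed sample log lines (not from the report). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for real addresses.
SAMPLE_LOGS = [
    "EventID=22 Image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe "
    "QueryName=chrisle79.ddns.net QueryResults=::ffff:203.0.113.10;",
    "EventID=3 Image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe "
    "DestinationIp=203.0.113.10 DestinationPort=4414 DestinationHostname=-",
    "EventID=22 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "QueryName=www.example.com QueryResults=::ffff:198.51.100.7;",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=198.51.100.9 DestinationPort=443 DestinationHostname=login.example.com",
    "EventID=3 Image=C:\\Tools\\scanner.exe "
    "DestinationIp=10.0.0.5 DestinationPort=4414 DestinationHostname=-",
    "EventID=11 Image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe "
    "TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\Logs\\2021-07-19",
]

@dataclass(frozen=True)
class Iocs:
    hosts: frozenset        # C2 hostnames, lower-cased
    ports: frozenset        # C2 ports
    keylog_dir: re.Pattern  # keylogger_dir with %AppData% expanded

def build_iocs(config):
    """Derive matchable indicators from the extractor's config dict."""
    hosts, ports = set(), set()
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    # %AppData% expands to <profile>\AppData\Roaming; match on that suffix
    # so the pattern works for any user name.
    tail = config["keylogger_dir"].replace("%AppData%", "", 1)
    keylog = re.compile(r"\\AppData\\Roaming" + re.escape(tail), re.IGNORECASE)
    return Iocs(frozenset(hosts), frozenset(ports), keylog)

def parse_kv(line):
    """Split 'Key=value Key2=value with spaces' into a dict."""
    return dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))

def scan(lines, iocs):
    """Return (event_id, reason, indicator) hits in log order.

    DNS answers for a C2 hostname are remembered so that later connections
    to that IP are flagged even when the connect event carries no hostname.
    """
    resolved, hits = set(), []
    for line in lines:
        ev = parse_kv(line)
        eid = ev.get("EventID")
        if eid == "22":
            name = ev.get("QueryName", "").lower()
            if name in iocs.hosts:
                hits.append((22, "dns-query-c2-host", name))
                for ans in ev.get("QueryResults", "").split(";"):
                    ans = ans.strip()
                    if ans.startswith("::ffff:"):  # IPv4-mapped form Sysmon logs
                        ans = ans[7:]
                    if ans:
                        resolved.add(ans)
        elif eid == "3":
            host = ev.get("DestinationHostname", "").lower()
            ip, port = ev.get("DestinationIp"), ev.get("DestinationPort")
            if host in iocs.hosts:
                hits.append((3, "connect-c2-host", host))
            elif ip in resolved:
                hits.append((3, "connect-c2-resolved-ip", ip))
            elif port and int(port) in iocs.ports:
                # Port alone is weak evidence: 4414 is not reserved for NetWire.
                hits.append((3, "connect-c2-port-only", f"{ip}:{port}"))
        elif eid == "11":
            path = ev.get("TargetFilename", "")
            if iocs.keylog_dir.search(path):
                hits.append((11, "keylogger-dir-write", path))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, build_iocs(NETWIRE_CONFIG)):
        print(hit)
```

The port-only match is deliberately reported with its own reason so it can be scored lower than a hostname or resolved-IP match; dynamic-DNS names like these re-point often, so the resolved IP should be treated as valid only for the window around the DNS event that produced it.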
Targets

Target: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin
Signatures

  • Modifies WinLogon for persistence
    TTPs: Winlogon Helper DLL (T1547.004), Modify Registry (T1112)
  • NetWire RAT payload
  • Netwire
    Description: NetWire is a RAT whose main functionality is password stealing and keylogging, but it also includes remote-control capabilities.
  • Suspicious use of SetThreadContext
    Note: SetThreadContext on another process's thread is a common step in process hollowing and thread-hijacking injection.
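The "Modifies WinLogon for persistence" signature covers the Winlogon Helper DLL and Modify Registry techniques, but the report does not say which Winlogon value this sample changed. The Python below is an added example (not part of the report, not the sample's code) that parses a .reg export of the Winlogon key and flags the three places the technique shows up: a Userinit or Shell value that differs from the stock Windows default, a DllName under Winlogon\Notify, and any per-user Shell/Userinit under HKCU. Both .reg texts, the paths and the DLL and executable names are constructed for the demo; the expected defaults are the stock Windows values.

```python
"""Triage Winlogon registry values for Shell/Userinit/Notify persistence.

Added example; not code from the sandbox or from this sample. Expected
values are the stock Windows defaults; both .reg exports are constructed.
"""
import re

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values, lower-cased. The trailing comma on Userinit is part of the
# default; appending a payload after it ("userinit.exe,evil.exe") is the
# usual abuse, which a plain equality check catches.
EXPECTED = {
    "shell": "explorer.exe",
    "userinit": "c:\\windows\\system32\\userinit.exe,",
}

# Constructed export (the format 'reg export' writes) of a tampered host.
TAMPERED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\Host.exe"
"AutoRestartShell"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\helper]
"DllName"="C:\\Users\\Public\\helper.dll"
"Asynchronous"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"
"""

# Constructed export of an untouched host, for the no-findings case.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"AutoRestartShell"=dword:00000001
"""

def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: value}}.

    Handles the quoted-string and dword: forms used here; other value types
    are kept as raw text. String unescaping only undoes doubled backslashes
    and escaped quotes, which is enough for path values.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if not m or current is None:
            continue
        name, val = m.group(1), m.group(2)
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        elif val.startswith("dword:"):
            val = int(val[len("dword:"):], 16)
        keys[current][name] = val
    return keys

def triage_winlogon(keys):
    """Return (severity, key_path, value_name, value) for suspect entries."""
    findings = []
    for path, values in keys.items():
        hive, _, sub = path.partition("\\")
        if not sub.lower().startswith(WINLOGON.lower()):
            continue
        rel = sub[len(WINLOGON):].lower()  # "" for the Winlogon key itself
        lv = {k.lower(): v for k, v in values.items()}
        if rel == "":
            if hive.upper() == "HKEY_CURRENT_USER":
                # Per-user Shell/Userinit are absent on a stock profile;
                # their mere presence is the finding.
                for name in EXPECTED:
                    if name in lv:
                        findings.append(("high", path, name, lv[name]))
            else:
                for name, expected in EXPECTED.items():
                    actual = lv.get(name)
                    if isinstance(actual, str) and actual.lower() != expected:
                        findings.append(("high", path, name, actual))
        elif rel.startswith("\\notify\\"):
            # Notify packages stopped loading after XP/2003; a DllName here
            # on a modern host is almost always persistence.
            if "dllname" in lv:
                findings.append(("high", path, "DllName", lv["dllname"]))
    return findings

if __name__ == "__main__":
    for finding in triage_winlogon(parse_reg_export(TAMPERED_REG)):
        print(*finding)
```

On a live host, `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" hklm_winlogon.reg` (and the same path under HKCU) produces the input; reg export writes UTF-16 with a BOM, so open the file with encoding="utf-16" before passing it to parse_reg_export. On a disk image the same dictionary can be built from the SOFTWARE and NTUSER.DAT hives with any hive parser. A Shell value other than explorer.exe is not always malicious (kiosk and embedded builds set it on purpose), so treat that finding as a prompt to verify the executable rather than a verdict.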

Tasks

static1