b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin

General
Target: b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin
Size: 256KB
Sample: 210719-knzwljlzz2
Score: 10/10
MD5: 3982c9643ff47aa981a446f679e332f8
SHA1: c9baff1bac6e99aa18a56532ed851c896cb5d5c9
SHA256: b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082
SHA512: c226600764a1f3e1fb57e96e1df966cb232f29b23aefabb7f189b6952f7e5a6c8b6a5442b29b4ff72d2b87c06a53c2ca7766e5f609d7450ac85e8211a7a6cf7f

Malware Config

Extracted
Family: netwire
C2:
  chrisle79.ddns.net:4414
  jacknop79.ddns.net:4414
  smath79.ddns.net:4414
  whatis79.ddns.net:4414
  goodgt79.ddns.net:4414
  bonding79.ddns.net:4414

Attributes
  activex_autorun: false
  activex_key:
  copy_executable: false
  delete_original: false
  host_id: June 2021
  install_path:
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex:
  offline_keylogger: true
  password: Password2$
  registry_autorun: false
  startup_name:
  use_mutex: false
Targets
Target: b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin
Signatures

  • Modifies WinLogon for persistence
    TTPs: Winlogon Helper DLL Modify Registry
  • NetWire RAT payload
  • Netwire
    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1