0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99.bin

General
Target: 0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99.bin
Size: 234KB
Sample: 210719-syca9ajnzx
Score: 10/10
MD5: 2ed143538f8503893e119b893b342a17
SHA1: 75860e5635ac8410e25a24086ac5f4cd50d1a84e
SHA256: 0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99
SHA512: d8d2204965dfb33054cdd9f9e4a2b06bed48b3994716888c52b2d8ce43f7285f467f8c2c2b09e42c4f0736179cf0416ede69b5b1c65f9652a5f87a854d5bdead

Malware Config

Extracted

Family: netwire
C2:
  chrisle79.ddns.net:4414
  jacknop79.ddns.net:4414
  smath79.ddns.net:4414
  whatis79.ddns.net:4414
  goodgt79.ddns.net:4414
  bonding79.ddns.net:4414
Attributes:
  activex_autorun: false
  activex_key: (empty)
  copy_executable: false
  delete_original: false
  host_id: June 2021
  install_path: (empty)
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex: (empty)
  offline_keylogger: true
  password: Password2$
  registry_autorun: false
  startup_name: (empty)
  use_mutex: false

Note that copy_executable, registry_autorun and install_path are all unset in this config, so the Winlogon modification flagged under Signatures is not explained by the NetWire configuration alone; the six C2 hosts all sit on the same dynamic-DNS provider and port, which is the most portable network indicator here.
Targets
Target: 0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99.bin (234KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)
Tags: (none)
Signatures

  • Modifies WinLogon for persistence
    TTPs: Winlogon Helper DLL (T1547.004), Modify Registry (T1112)
  • NetWire RAT payload
  • Netwire
    Description: NetWire is a RAT whose main functionality is password stealing and keylogging; it also includes remote control capabilities.
  • Suspicious use of SetThreadContext (typically seen when a loader writes a payload into a suspended process and redirects its thread, i.e. process injection or hollowing)

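The indicators above can be turned directly into hunting logic. The following is an added example, not part of the sandbox report or of any NetWire analysis tooling: it copies the six C2 endpoints and the file hashes from this page, plus the Winlogon values that the "Modifies WinLogon for persistence" signature refers to (Shell and Userinit, with the contents a stock Windows install carries, which are assumed defaults), and runs them over constructed proxy/DNS records and Sysmon-style registry events. The log layout, the sample lines and the function names are assumptions made for the demo; the rule that flags any other *.ddns.net host on port 4414 is a broader heuristic drawn from the pattern in the config, not something the report states.

```python
# Hunting helpers built from this report's indicators (added example,
# not sandbox output). All log lines below are constructed for the demo.
import re
from dataclasses import dataclass

# Copied from the extracted NetWire config and the hash block above.
C2_ENDPOINTS = [
    "chrisle79.ddns.net:4414",
    "jacknop79.ddns.net:4414",
    "smath79.ddns.net:4414",
    "whatis79.ddns.net:4414",
    "goodgt79.ddns.net:4414",
    "bonding79.ddns.net:4414",
]
SAMPLE_HASHES = {
    "2ed143538f8503893e119b893b342a17",
    "75860e5635ac8410e25a24086ac5f4cd50d1a84e",
    "0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99",
    "d8d2204965dfb33054cdd9f9e4a2b06bed48b3994716888c52b2d8ce43f7285f"
    "467f8c2c2b09e42c4f0736179cf0416ede69b5b1c65f9652a5f87a854d5bdead",
}

# Winlogon values abused for T1547.004 and their stock contents
# (assumed defaults; compare against your own golden image in practice).
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}


@dataclass(frozen=True)
class Hit:
    source: str  # "network" or "registry"
    reason: str
    line: str


def split_endpoint(endpoint):
    """'host:port' -> (lower-case host, int port)."""
    host, port = endpoint.rsplit(":", 1)
    return host.lower(), int(port)


C2_HOSTS = {split_endpoint(e)[0] for e in C2_ENDPOINTS}
C2_PORTS = {split_endpoint(e)[1] for e in C2_ENDPOINTS}


def hash_match(digest):
    """True if a digest of any supported length matches the sample."""
    return digest.strip().lower() in SAMPLE_HASHES


def scan_network(lines):
    """Flag DNS lookups of, or connections to, the configured C2 hosts.
    Expects 'host=<fqdn>' or 'query=<fqdn>' per record and, for
    connections, an '<ip>:<port>' destination (constructed layout)."""
    hits = []
    for line in lines:
        low = line.lower()
        m = re.search(r"(?:host|query)=([a-z0-9.-]+)", low)
        if not m:
            continue
        host = m.group(1)
        port_m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}:(\d+)", low)
        port = int(port_m.group(1)) if port_m else None
        if host in C2_HOSTS:
            reason = f"C2 host {host}" + (f" on port {port}" if port else "")
            hits.append(Hit("network", reason, line))
        elif port in C2_PORTS and host.endswith(".ddns.net"):
            # Broader heuristic (assumption): same dynamic-DNS provider and
            # port as the known list, but a host this config did not name.
            hits.append(Hit("network", f"ddns.net host {host} on C2 port {port}", line))
    return hits


def scan_registry(lines):
    """Flag Winlogon Shell/Userinit writes whose data differs from the default.
    Expects Sysmon-style text with 'TargetObject=<key\\value> Details=<data>'."""
    hits = []
    for line in lines:
        m = re.search(r"TargetObject=(.+?) Details=(.*)$", line)
        if not m:
            continue
        key, _, value = m.group(1).rpartition("\\")
        if key.lower() != WINLOGON_KEY.lower() or value not in WINLOGON_DEFAULTS:
            continue
        expected, data = WINLOGON_DEFAULTS[value], m.group(2).strip()
        if data.lower() != expected.lower():
            # Report only the appended part when the default is still in front.
            extra = data[len(expected):] if data.lower().startswith(expected.lower()) else data
            hits.append(Hit("registry", f"Winlogon\\{value} set to unexpected {extra!r}", line))
    return hits


NETWORK_LOG = [  # constructed proxy/DNS records, not real telemetry
    "2021-07-19T08:14:02Z 10.0.0.15 tcp 203.0.113.10:4414 host=jacknop79.ddns.net",
    "2021-07-19T08:14:05Z 10.0.0.15 tcp 93.184.216.34:443 host=example.com",
    "2021-07-19T08:15:10Z 10.0.0.22 dns query=smath79.ddns.net type=A",
    "2021-07-19T08:16:40Z 10.0.0.31 tcp 198.51.100.7:4414 host=update-node.ddns.net",
]
REGISTRY_LOG = [  # constructed Sysmon Event ID 13 (registry value set) lines
    r"EventID=13 Image=C:\Users\bob\AppData\Roaming\host.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Details=C:\Windows\system32\userinit.exe,C:\Users\bob\AppData\Roaming\host.exe",
    r"EventID=13 Image=C:\Windows\regedit.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Details=explorer.exe",
    r"EventID=13 Image=C:\Windows\regedit.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run\Updater Details=C:\updater.exe",
]

if __name__ == "__main__":
    for hit in scan_network(NETWORK_LOG) + scan_registry(REGISTRY_LOG):
        print(f"[{hit.source}] {hit.reason}\n    {hit.line}")
```

On the constructed input this reports the connection to jacknop79.ddns.net:4414, the DNS query for smath79.ddns.net, the unlisted *.ddns.net host on port 4414 from the broader heuristic, and the Userinit value with an extra executable appended after the stock userinit.exe entry; the unchanged Shell value and the unrelated Run key write are ignored. The registry check compares against the default rather than just alerting on any write, because legitimate tooling does touch Winlogon, and it keys on the Details field so that the offending appended path is surfaced for triage.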
Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1