491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin

General
Target

491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin

Size

502KB

Sample

210719-ts6z3ze5e2

Score

10/10

MD5

b49f739d1d6f51d71f075e9392946b2e

SHA1

0967c716434876e355a3127e55f629cc8b0cc238

SHA256

491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1

SHA512

c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10