Overview

overview

10

Static

static

491ec11616...in.exe

windows7_x64

10

491ec11616...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin

  • Size

    502KB

  • Sample

    210719-ts6z3ze5e2

  • MD5

    b49f739d1d6f51d71f075e9392946b2e

  • SHA1

    0967c716434876e355a3127e55f629cc8b0cc238

  • SHA256

    491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1

  • SHA512

    c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin

    • Size

      502KB

    • MD5

      b49f739d1d6f51d71f075e9392946b2e

    • SHA1

      0967c716434876e355a3127e55f629cc8b0cc238

    • SHA256

      491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1

    • SHA512

      c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks