Bank details.exe

General
Target

Bank details.exe

Size

702KB

Sample

210720-an5sb2zp9j

Score
10 /10
MD5

4e0ee2b83297b3b44acdce3e9a3a4d24

SHA1

616c863f53f9a9bc3507b14cb759c289fcf6eb5f

SHA256

ef4fb21fec01aa193370b1ac7551aa759765b4e289f781b67d762e61335c7e41

SHA512

d91bc09fa872fb6d6d337db39f980c6cee0d01186f73349c36f4bbee59c65bc1e919dfc3b505bc2458a0af84c068f488c93b74a209a593976f32fc92dabe1809

Malware Config

Extracted

Family netwire
C2

warin.hopto.org:4320

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
Password
registry_autorun
false
startup_name
use_mutex
false
Targets
Target

Bank details.exe

MD5

4e0ee2b83297b3b44acdce3e9a3a4d24

Filesize

702KB

Score
10 /10
SHA1

616c863f53f9a9bc3507b14cb759c289fcf6eb5f

SHA256

ef4fb21fec01aa193370b1ac7551aa759765b4e289f781b67d762e61335c7e41

SHA512

d91bc09fa872fb6d6d337db39f980c6cee0d01186f73349c36f4bbee59c65bc1e919dfc3b505bc2458a0af84c068f488c93b74a209a593976f32fc92dabe1809

Tags

Signatures

  • ModiLoader, DBatLoader

    Description

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    Tags

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation