51E38C5C7A3A24DD8092F94D915DE981.exe

General
Target

51E38C5C7A3A24DD8092F94D915DE981.exe

Size

6KB

Sample

210722-bvtst1a3ka

Score

10/10
MD5

51e38c5c7a3a24dd8092f94d915de981

SHA1

a8dd1348c866219ea5357bc3919c9885184949ba

SHA256

5b4962b939b67929dcb5b0c5a90b75e617f9af630271d710a21ccbe0d7738e05

SHA512

60b5d4c6c43bd8841aa18a081e775e0c542c785b35bf7759d002b9bc6b852170b4a629782efc695c21e990348f2d952ccb4ab2651df7944abaeb72458af7cdf4

Malware Config

Extracted

Family netwire
C2

finerthings.duckdns.org:3021

Attributes

activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: H23053OIGS
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: finerthings@963
registry_autorun: false
startup_name:
use_mutex: false

Targets
Target

51E38C5C7A3A24DD8092F94D915DE981.exe

MD5

51e38c5c7a3a24dd8092f94d915de981

Filesize

6KB

Score

10/10
SHA1

a8dd1348c866219ea5357bc3919c9885184949ba

SHA256

5b4962b939b67929dcb5b0c5a90b75e617f9af630271d710a21ccbe0d7738e05

SHA512

60b5d4c6c43bd8841aa18a081e775e0c542c785b35bf7759d002b9bc6b852170b4a629782efc695c21e990348f2d952ccb4ab2651df7944abaeb72458af7cdf4

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10