General

  • Target

    4309e6dc5f9633106714d1a16f9300641d45d5062f5456cfb836d4e6d24ace95

  • Size

    1.1MB

  • Sample

    210722-fjn4yq7qzj

  • MD5

    f2b4a895b2eea85ad655a6d67177d2a1

  • SHA1

    8f558062e5f2dce4cc17bd12ed68602e3e0d7b87

  • SHA256

    4309e6dc5f9633106714d1a16f9300641d45d5062f5456cfb836d4e6d24ace95

  • SHA512

    e8065c5e721d937b9a185c3fa74f6f4d70f124a4a54b25733783e41c851ed55b9bea4f71571b1a593665584265c723780bf1ca255dc390c695554cb427239be0

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Drops startup file

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • autoit_exe

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix

Tasks