4309e6dc5f9633106714d1a16f9300641d45d5062f5456cfb836d4e6d24ace95

General
Target

4309e6dc5f9633106714d1a16f9300641d45d5062f5456cfb836d4e6d24ace95

Size

1MB

Sample

210722-fjn4yq7qzj

Score
10/10
MD5

f2b4a895b2eea85ad655a6d67177d2a1

SHA1

8f558062e5f2dce4cc17bd12ed68602e3e0d7b87

SHA256

4309e6dc5f9633106714d1a16f9300641d45d5062f5456cfb836d4e6d24ace95

SHA512

e8065c5e721d937b9a185c3fa74f6f4d70f124a4a54b25733783e41c851ed55b9bea4f71571b1a593665584265c723780bf1ca255dc390c695554cb427239be0

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Drops startup file

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • autoit_exe

    Description

    AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

5/10

behavioral1

10/10