35A80E79A290DFCE0D019D467EC8DC9C.exe

General
Target

35A80E79A290DFCE0D019D467EC8DC9C.exe

Size

2MB

Sample

210723-5lqnaby9dx

Score
10 /10
MD5

35a80e79a290dfce0d019d467ec8dc9c

SHA1

c9e67190debfb937b1c148b5c1c0f2869e4c0b8a

SHA256

ee70cb2fc82abe10d225555baf80864b1c8f779fce79dcb2b76943d145a8130e

SHA512

5916e9bc037a5e95fdeb8cc519cea95e3d63c25a1940673c99713621133463c32e5c6ce8bd7c7635c666a1c76c8dfe1554b14719f2f0e5acd9a77fe8da7e7b03

Malware Config

Extracted

Family netwire
C2

finerthings.duckdns.org:3021

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
H23053OIGS
install_path
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
finerthings@963
registry_autorun
false
startup_name
use_mutex
false
Targets
Target

35A80E79A290DFCE0D019D467EC8DC9C.exe

MD5

35a80e79a290dfce0d019d467ec8dc9c

Filesize

2MB

Score
10 /10
SHA1

c9e67190debfb937b1c148b5c1c0f2869e4c0b8a

SHA256

ee70cb2fc82abe10d225555baf80864b1c8f779fce79dcb2b76943d145a8130e

SHA512

5916e9bc037a5e95fdeb8cc519cea95e3d63c25a1940673c99713621133463c32e5c6ce8bd7c7635c666a1c76c8dfe1554b14719f2f0e5acd9a77fe8da7e7b03

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral1

                        10/10

                        behavioral2

                        10/10