AttachedWaybill.exe

General

Target: AttachedWaybill.exe
Size: 574KB
Sample: 210723-j2rfffv3ax
Score: 10/10
MD5: 33f9d631a4adcd4c64fe639352c5f76b
SHA1: 8828f41d318315eb05818fce4499bffa31657160
SHA256: 82e96593173c1407d138cca5418a00b0f5cd9960b32d8f03052eca9b33e68b44
SHA512: 58818cd5e1d55a4a610bb9836501a6d89fb04209b4275420bc96433af1484c0573bf1851b561779144642dd178152ca871841988864de099334ebe0372d83339

Malware Config

Extracted

Family: netwire
C2

Attributes

activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: COVID-19
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: 1234
registry_autorun: false
startup_name:
use_mutex: false

Targets
Target: AttachedWaybill.exe

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation