General

  • Target

    51E38C5C7A3A24DD8092F94D915DE981.exe

  • Size

    6KB

  • Sample

    210723-zha4gcv4zx

  • MD5

    51e38c5c7a3a24dd8092f94d915de981

  • SHA1

    a8dd1348c866219ea5357bc3919c9885184949ba

  • SHA256

    5b4962b939b67929dcb5b0c5a90b75e617f9af630271d710a21ccbe0d7738e05

  • SHA512

    60b5d4c6c43bd8841aa18a081e775e0c542c785b35bf7759d002b9bc6b852170b4a629782efc695c21e990348f2d952ccb4ab2651df7944abaeb72458af7cdf4

Malware Config

Extracted

Family

netwire

C2

finerthings.duckdns.org:3021

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    H23053OIGS

  • install_path

  • keylogger_dir

  • lock_executable

    false

  • mutex

  • offline_keylogger

    false

  • password

    finerthings@963

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082
