A582F8176C5F4BECF5F95A563E9EC11A.exe

General

Target: A582F8176C5F4BECF5F95A563E9EC11A.exe
Size: 1MB
Sample: 210725-nn41nmx6b6
Score: 10/10
MD5: a582f8176c5f4becf5f95a563e9ec11a
SHA1: a8b2fd3f57157cce4fe9442b8ffa53e15ca4820c
SHA256: bd62e723aff056a5f6dd9b9ece4f5ea4bae0a50cc3bdd5f4228fb265c2a96170
SHA512: b077839b7a01290ade4632342e20dcc2885036deccd0a32d685a99efd2abbfd6f29ce5739f2145d8d439f8816092ad73612a15263580f356d9d727a4d8099fb0

Malware Config

Extracted

Family: netwire
C2: roban.giize.com:1604

Attributes
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Signatures

  • NetWire RAT payload

  • Netwire

    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Drops startup file

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1: 7/10
behavioral2: 10/10