87c7c23ff999c80b081423d40721ee44b8bf037d26d3452030b8a0f19837f27f

General

Target: 87c7c23ff999c80b081423d40721ee44b8bf037d26d3452030b8a0f19837f27f
Size: 1MB
Sample: 210727-8t62kvl6zj
Score: 10/10
MD5: 17ef31964e6b74518a5da99434b017f2
SHA1: b473541b7c253d2badd453ccce2b4a9f7565493f
SHA256: 87c7c23ff999c80b081423d40721ee44b8bf037d26d3452030b8a0f19837f27f
SHA512: 3d2f65fec89c66fd6562ec18c8c9b45064c6846ebe5fe11ac7cf4972d072ce398645113bfc1f5e90ba5e81f7327d16f7f6f4e790d79d7cf3ef6887bd8c39a0f5

Malware Config
Targets

Target: 87c7c23ff999c80b081423d40721ee44b8bf037d26d3452030b8a0f19837f27f
MD5: 17ef31964e6b74518a5da99434b017f2
Filesize: 1MB
Score: 10/10
SHA1: b473541b7c253d2badd453ccce2b4a9f7565493f
SHA256: 87c7c23ff999c80b081423d40721ee44b8bf037d26d3452030b8a0f19837f27f
SHA512: 3d2f65fec89c66fd6562ec18c8c9b45064c6846ebe5fe11ac7cf4972d072ce398645113bfc1f5e90ba5e81f7327d16f7f6f4e790d79d7cf3ef6887bd8c39a0f5

Tags

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Drops startup file

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1: 5/10
behavioral1: 10/10