450f463616026025f68295b9a3dd365f

General
Target

450f463616026025f68295b9a3dd365f

Size

779KB

Sample

210915-hw8nzadbaq

Score
10 /10
MD5

450f463616026025f68295b9a3dd365f

SHA1

440c0e1d874ebd9c3f86b672f24b39d7c857baa3

SHA256

c96f0650573130180a039e7b9d66d11e18c97c9fe96c732f2d5fdbcb05a140eb

SHA512

7fb9e37bb037f48779b508863f9dacd9714214adc4642619978b9cf90cd19311ad0f122512a41e4d91ad55bd25d7f076266e93f60cfb9df7e8cf325149d4b76f

Malware Config

Extracted

Family netwire
C2

176.107.178.179:5218

134.19.179.147:5214

139.28.36.101:5218

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
31-Aug
install_path
keylogger_dir
%AppData%\Local\Nets\
lock_executable
true
mutex
iXSIGucL
offline_keylogger
true
password
Password
registry_autorun
false
startup_name
use_mutex
true
Targets
Target

450f463616026025f68295b9a3dd365f

MD5

450f463616026025f68295b9a3dd365f

Filesize

779KB

Score
10 /10
SHA1

440c0e1d874ebd9c3f86b672f24b39d7c857baa3

SHA256

c96f0650573130180a039e7b9d66d11e18c97c9fe96c732f2d5fdbcb05a140eb

SHA512

7fb9e37bb037f48779b508863f9dacd9714214adc4642619978b9cf90cd19311ad0f122512a41e4d91ad55bd25d7f076266e93f60cfb9df7e8cf325149d4b76f

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral2

                      3/10