General

  • Target

    87a9e9b87d1dc549b42203b6e87fca1b4452ebea836359db962cdb5039f87d24

  • Size

    81KB

  • Sample

    220216-31a9gsfghp

  • MD5

    89e1f9a2bd93fbb00ab0a0cef23b4cdd

  • SHA1

    a667763e9fbd978429d16a0f39809ae6c5817754

  • SHA256

    87a9e9b87d1dc549b42203b6e87fca1b4452ebea836359db962cdb5039f87d24

  • SHA512

    2c41dc711f6329d1e7fe83b50b78d5003d1a07d989d29cbd0f388c6e006d04595a810c84269e8bea0abc0607fbf0d3010455edff14d95cb949aa418fc0118df0

Targets

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
