General

  • Target

    87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd

  • Size

    89KB

  • Sample

    220216-3z456sfghl

  • MD5

    6c096936f83eb2c78845151dd718397e

  • SHA1

    e19a91ae5c5a3f0c1e11d178fac818730608c3c7

  • SHA256

    87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd

  • SHA512

    28952766ec8beb3a6c9e0ff3fa68644540c407c446319146694aa45fc517686952234afac9be71cc19c99f5a7dbb46489301f830643d6795f15ce61db54c09a7

Malware Config

Extracted

Family

netwire

C2

uploadp3p.publicvm.com:4004

systool.sytes.net:4004

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    true

  • delete_original

    false

  • host_id

    Monday-%Rand%

  • install_path

    %AppData%\WinRAR\systmon.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

    tjsOdMRv

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    true

Targets

    • Target

      87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd

    • Size

      89KB

    • MD5

      6c096936f83eb2c78845151dd718397e

    • SHA1

      e19a91ae5c5a3f0c1e11d178fac818730608c3c7

    • SHA256

      87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd

    • SHA512

      28952766ec8beb3a6c9e0ff3fa68644540c407c446319146694aa45fc517686952234afac9be71cc19c99f5a7dbb46489301f830643d6795f15ce61db54c09a7

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks