General

  • Target

    863a19222eecc560657e64d720a5b64a28e972a7ea5a7983c98343694ffe284d

  • Size

    132KB

  • Sample

    220217-aaz6psfhbq

  • MD5

    881779ca64253b8849df903a23e6d652

  • SHA1

    f564352d587ebea5527de51b7bd1269a47355973

  • SHA256

    863a19222eecc560657e64d720a5b64a28e972a7ea5a7983c98343694ffe284d

  • SHA512

    2aff2f984f561ce0d5ae60b529da7cfdec35e02e28d8e9de27346e8c078bccf42c0bd882d7f8e0c70a0aea3bc6592489ee1bb7cc7cd3d1206547610efce26a94

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks