General

  • Target

    5a3dc13f6f9c55cbb675901b141e2be455efafae3615f9b72d220fbd83035690

  • Size

    132KB

  • Sample

    220217-dxby6shfdr

  • MD5

    84248a53c56537df4cbc5c163b1a006b

  • SHA1

    72e49684d9c4ef06830d9041139f8db2a7af810c

  • SHA256

    5a3dc13f6f9c55cbb675901b141e2be455efafae3615f9b72d220fbd83035690

  • SHA512

    83b5208ee53360bbeaced9f214e1c0829ec4924d177a57976f1d9d8e20a3f198fdb9febe29eca76e020cebb779f0489000c580c26d5c1dc5cbe8bdf5bb6b20fd

Malware Config

Targets

    • Target

      5a3dc13f6f9c55cbb675901b141e2be455efafae3615f9b72d220fbd83035690

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
