General

  • Target

    16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718

  • Size

    105KB

  • Sample

    220503-ahx2badag7

  • MD5

    287e090c10d97f99f599cb3b23e673a3

  • SHA1

    e7548469f9878ca94394819904b5067d792db56f

  • SHA256

    16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718

  • SHA512

    f62236dde879ceb4c442bde71db41ba498c93054d809de612f261d7a77340ca06731d660c24a17ecf39bdc8bc3b6669561caae855f04a4d477d5feac07ec478f

Malware Config

Targets

    • Target

      16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718

    • Size

      105KB

    • MD5

      287e090c10d97f99f599cb3b23e673a3

    • SHA1

      e7548469f9878ca94394819904b5067d792db56f

    • SHA256

      16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718

    • SHA512

      f62236dde879ceb4c442bde71db41ba498c93054d809de612f261d7a77340ca06731d660c24a17ecf39bdc8bc3b6669561caae855f04a4d477d5feac07ec478f

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 2 signatures

  • Defense Evasion

    Modify Registry (T1112), 2 signatures

  • Discovery

    Query Registry (T1012), 1 signature

    System Information Discovery (T1082), 2 signatures

Tasks