Overview

overview

10

Static

static

PO-9768708...df.exe

windows7_x64

10

PO-9768708...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-9768708-Hyundai-09221-6138 pdf.exe

  • Size

    702KB

  • Sample

    220504-fx5ycsdba4

  • MD5

    5df0240aa06b38e1a88fde9c6c5c306e

  • SHA1

    2a3d233fed9ea294b049061fe85e471cabc83f97

  • SHA256

    869fa23919d381e4af0d8c04881d65ad842cb96020da5c1e16f65c48190d3eef

  • SHA512

    cfff543c68effd0051e6f29be985e6527f317ea5813bc695de4b0a97bda68ca29f6d05c3a9b6efb9bf98596aef403d25373c3bcf58d10f84678b276d52b6d8a0

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      PO-9768708-Hyundai-09221-6138 pdf.exe

    • Size

      702KB

    • MD5

      5df0240aa06b38e1a88fde9c6c5c306e

    • SHA1

      2a3d233fed9ea294b049061fe85e471cabc83f97

    • SHA256

      869fa23919d381e4af0d8c04881d65ad842cb96020da5c1e16f65c48190d3eef

    • SHA512

      cfff543c68effd0051e6f29be985e6527f317ea5813bc695de4b0a97bda68ca29f6d05c3a9b6efb9bf98596aef403d25373c3bcf58d10f84678b276d52b6d8a0

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks