Overview

overview

10

Static

static

Purchase O...df.exe

windows7_x64

10

Purchase O...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order NO#XL005465 pdf.exe

  • Size

    596KB

  • Sample

    220504-k56l3sdee7

  • MD5

    422bfefe6ab8872a886c7b43a64c2375

  • SHA1

    a2311ff345e7eb8cc4ce7cc380a14cd34062b762

  • SHA256

    3a01de5d3ac9d4bc94221c451ab5fb25d154b032c7b7e8d20f5cbb380434beed

  • SHA512

    8ba97d4d10b89d0acd2864a3f44a62cdcd4e71dada6f4b67f81597d0ce940c28c145c31b5950b5efa544fbb77c1a46bfbe82c596ee94f9d8f347ab0678cd02bb

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Purchase Order NO#XL005465 pdf.exe

    • Size

      596KB

    • MD5

      422bfefe6ab8872a886c7b43a64c2375

    • SHA1

      a2311ff345e7eb8cc4ce7cc380a14cd34062b762

    • SHA256

      3a01de5d3ac9d4bc94221c451ab5fb25d154b032c7b7e8d20f5cbb380434beed

    • SHA512

      8ba97d4d10b89d0acd2864a3f44a62cdcd4e71dada6f4b67f81597d0ce940c28c145c31b5950b5efa544fbb77c1a46bfbe82c596ee94f9d8f347ab0678cd02bb

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks