Overview

overview

10

Static

static

Bounced Cheque.exe

windows7_x64

10

Bounced Cheque.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8d5d12dc7dd328e89b1d4acf0e6de974e8fe11c89acac4f216d64a7e10d7eab

  • Size

    394KB

  • Sample

    220520-qmd21adfb5

  • MD5

    f43078ecc500ddddbfec94ad843f9278

  • SHA1

    bb8d9d4628b8e92e43182149421f77b011018785

  • SHA256

    b8d5d12dc7dd328e89b1d4acf0e6de974e8fe11c89acac4f216d64a7e10d7eab

  • SHA512

    2a4c1b7bb4fe0c86ef66b1ba2cdedf235eb3f0ec3bcd705d3b03a7a3f87a70a17aff26d77be82171835648baa38f155d4b9daea34d279fb2858cde49db2d1c5c

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

iphanyi.duckdns.org:3360

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    SMS_Group

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    caster123

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Targets

    • Target

      Bounced Cheque.exe

    • Size

      745KB

    • MD5

      d0e7b058e35b998134e771b24f534b07

    • SHA1

      9711b4478564484da540866df48c117f9d96fd4f

    • SHA256

      249e738650027df7635aa70373e2e2f936eb58e1a208fdc8df9ee2f66e4cb9e3

    • SHA512

      7f1b2c67f375a6225754a65eba3bcaed355672553265d70e16c0da4fbbd81c27a07d728f4cfccb1458a7d75061aa8b0d562db8e0f58fb03b82fdd671534ad506

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks