30a798f90d068468a49bda1cf1dc25d8a89b6ff3acdcf3715f852bf5aba48d7f

General
Target

30a798f90d068468a49bda1cf1dc25d8a89b6ff3acdcf3715f852bf5aba48d7f

Size

260KB

Sample

220520-xd4dvsfcfm

Score
10 /10
MD5

5d0b535797bcd3fd8b482e250e339aa6

SHA1

71d95bf3290b7f39498cd20fb983feb46f6a6d5c

SHA256

30a798f90d068468a49bda1cf1dc25d8a89b6ff3acdcf3715f852bf5aba48d7f

SHA512

ab297abcfcc8a85d59dcd749ea0eeee8ea6f8e47a78a2c99ef70f1691385109981b587dbad44391ca3fbea0a36d117c1bc2aa408475e5ef741fb8e5461075392

Malware Config
Targets
Target

30a798f90d068468a49bda1cf1dc25d8a89b6ff3acdcf3715f852bf5aba48d7f

MD5

5d0b535797bcd3fd8b482e250e339aa6

Filesize

260KB

Score
10/10
SHA1

71d95bf3290b7f39498cd20fb983feb46f6a6d5c

SHA256

30a798f90d068468a49bda1cf1dc25d8a89b6ff3acdcf3715f852bf5aba48d7f

SHA512

ab297abcfcc8a85d59dcd749ea0eeee8ea6f8e47a78a2c99ef70f1691385109981b587dbad44391ca3fbea0a36d117c1bc2aa408475e5ef741fb8e5461075392

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Executes dropped EXE

  • Modifies Installed Components in the registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1