1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9

General
Target

1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9

Size

449KB

Sample

220521-a6bszsedbj

Score
10/10
MD5

61fd67760b27ff651d40edd85da49e00

SHA1

31858941e2066d2246a8b98c8c64ef520c902adb

SHA256

1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9

SHA512

9b0fc7680b2c84d908e9fa82f4fd1f92ccf28a7789a7f8d34e4d7f71a970e33d3daae3e936abc29a510fd0db2f21eca0497f78f40aa9dae2f170ee24e938fdf5

Malware Config
Targets
Target

detail-information.exe

MD5

07591af2349f8ebc5789fcb0b60c7c91

Filesize

494KB

Score
10/10
SHA1

828bcdd3d1e32d2ed0b0660fc92f41a562d4d466

SHA256

b50a0ea3d467e25e9c1917668e10f70e67434e468fcecbb1d3a927a3f105dbfa

SHA512

8bc1068c0d85f62176fe8e23ec23ecbcfaa1296d379c26ff5fe7ee274c5ef7d12b7a1fec44941eca9841af17c61c5c1b3ad50739fb5d5baadd72bf2feef48ad3

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging; it also includes remote control capabilities.

    Tags

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely a geofence check.

    TTPs

    Query Registry
    System Information Discovery
  • Drops startup file

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10