Overview

overview

10

Static

static

detail-inf...on.exe

windows7_x64

10

detail-inf...on.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9

  • Size

    449KB

  • Sample

    220521-a6bszsedbj

  • MD5

    61fd67760b27ff651d40edd85da49e00

  • SHA1

    31858941e2066d2246a8b98c8c64ef520c902adb

  • SHA256

    1c61c1b5a0420e288ba79646b6008774fefa4ba11399485637cb9bc7afcb9cc9

  • SHA512

    9b0fc7680b2c84d908e9fa82f4fd1f92ccf28a7789a7f8d34e4d7f71a970e33d3daae3e936abc29a510fd0db2f21eca0497f78f40aa9dae2f170ee24e938fdf5

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      detail-information.exe

    • Size

      494KB

    • MD5

      07591af2349f8ebc5789fcb0b60c7c91

    • SHA1

      828bcdd3d1e32d2ed0b0660fc92f41a562d4d466

    • SHA256

      b50a0ea3d467e25e9c1917668e10f70e67434e468fcecbb1d3a927a3f105dbfa

    • SHA512

      8bc1068c0d85f62176fe8e23ec23ecbcfaa1296d379c26ff5fe7ee274c5ef7d12b7a1fec44941eca9841af17c61c5c1b3ad50739fb5d5baadd72bf2feef48ad3

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks