Overview

overview

10

Static

static

price list...02.exe

windows7_x64

10

price list...02.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6bf7a02ebe31fe6c8077ea42a7b1b18bfdc4772d2fa085f1878032271a9607d7

  • Size

    277KB

  • Sample

    220521-anvhdaddhr

  • MD5

    f8e67a9cfa45f8ef61492b9d10421b09

  • SHA1

    33eec802f0d050e184d0adbbe6d940c88f1bf0c6

  • SHA256

    6bf7a02ebe31fe6c8077ea42a7b1b18bfdc4772d2fa085f1878032271a9607d7

  • SHA512

    02ce8f9c8420cc22415fd0a2f15a291bdee3393fc565b4c3dca35f7dcd740ebbff825a750ca0bc297a0c94d947f8e6f24df4fc82b4f27bce222c5a3186ac4dc7

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

evapimp.myq-see.com:2424

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    NEW

  • install_path

  • keylogger_dir

  • lock_executable

    true

  • mutex

    VtbDeAKY

  • offline_keylogger

    false

  • password

    evapimp

  • registry_autorun

    false

  • startup_name

  • use_mutex

    true

Targets

    • Target

      price list #6037202402.exe

    • Size

      465KB

    • MD5

      11f3c8f49b52ecd77b870057a2f8dd00

    • SHA1

      dadc32acb4b67cb9598e5151882f058d54186f29

    • SHA256

      0b8ba4df26521faa54246fbb3b1a32726c379453d19435663100222cc4784558

    • SHA512

      3aac759d256df44bf269eaa9c926d8af9940672601780b48e8fc9f2c46f8aafc5d9b4436521d413e9918afbab4fdefca9936860a490e566abe62d18e54c2be7a

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks