629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e

General
Target

629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e

Size

245KB

Sample

220521-btmkdsfecj

Score
10 /10
MD5

f6bd9a111b3d59431c688b1a41a0681d

SHA1

0173f368a929238110b6cff5ef05e17f35c6761e

SHA256

629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e

SHA512

6ccaa07cae981015f281f8b1cb7a9602ebf1a6089bb8b28f37d5d26dc91a5518f4c0e89b6c1dd033c07cac72e61c90e7d22998b3c4cf5340840f01e72ef8810d

Malware Config

Extracted

Family netwire
C2

ichie02.ddns.net:3360

84.38.135.207:3360

Attributes
activex_autorun
false
activex_key
copy_executable
true
delete_original
true
host_id
ICHIE007
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
AcYrNKLE
offline_keylogger
true
password
Password
registry_autorun
false
startup_name
use_mutex
true
Targets
Target

#204811.exe

MD5

1fb35d8aa5797fbbc4225a095c106552

Filesize

287KB

Score
10/10
SHA1

cb08a463884542659aa9856d2dd0dd8e5d3f31cb

SHA256

fc70d13e41ab6c3d36b72e329549c48e70767e37b06c5bbe7284896e935c6815

SHA512

aeb871ca5da00328c3f5742bef2ccd6715f27c76f62db47118237312801f1b7b9672afa5becc67f01d50bc887f80b92cde80c7242468ddf55f5660774d7884bc

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10