629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e
General
Target
Size
Sample
629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e
245KB
220521-btmkdsfecj
Score
10 /10
MD5
SHA1
SHA256
SHA512
f6bd9a111b3d59431c688b1a41a0681d
0173f368a929238110b6cff5ef05e17f35c6761e
629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e
6ccaa07cae981015f281f8b1cb7a9602ebf1a6089bb8b28f37d5d26dc91a5518f4c0e89b6c1dd033c07cac72e61c90e7d22998b3c4cf5340840f01e72ef8810d
Malware Config
Extracted
| Family | netwire |
| C2 |
ichie02.ddns.net:3360 84.38.135.207:3360 |
| Attributes |
activex_autorun false
activex_key
copy_executable true
delete_original true
host_id ICHIE007
install_path %AppData%\Install\Host.exe
keylogger_dir %AppData%\Logs\
lock_executable false
mutex AcYrNKLE
offline_keylogger true
password Password
registry_autorun false
startup_name
use_mutex true |
Targets
Target
MD5
Filesize
#204811.exe
1fb35d8aa5797fbbc4225a095c106552
287KB
Score
10/10
SHA1
SHA256
SHA512
cb08a463884542659aa9856d2dd0dd8e5d3f31cb
fc70d13e41ab6c3d36b72e329549c48e70767e37b06c5bbe7284896e935c6815
aeb871ca5da00328c3f5742bef2ccd6715f27c76f62db47118237312801f1b7b9672afa5becc67f01d50bc887f80b92cde80c7242468ddf55f5660774d7884bc
Tags
Signatures
-
NetWire RAT payload
-
Netwire
Description
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Tags
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks