3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed

General
Target

3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed

Size

1MB

Sample

220521-dm8kdsgaa6

Score
10 /10
MD5

085bf5edaa4f6ff34cd0bc143269395d

SHA1

a0760f24f47f0dcf3de907678afb64153f43e2af

SHA256

3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed

SHA512

ae4f6344e6c4c84f83c80d9ec99e72d22d2853c51460df1402514839f8e272225fb8ab62f5bef4efa39652776155fd66d75b8c274243de6da70bbb3fd8ac99aa

Malware Config

Extracted

Family netwire
C2

winx.xcapdatap.capetown:7390

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
Jagz_$$$
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
P@55w0rd!
registry_autorun
false
startup_name
use_mutex
false
Targets
Target

FADEX_16.EXE

MD5

33a4cfe431ca51de83e78a58a0ba4631

Filesize

291KB

Score
10/10
SHA1

ce870eae750f10ec50dcfba2850ba3e0b7d50be8

SHA256

f24e45d41404cdbd5b3e88ef39f6b047d062ade5cb3bddbe2ad40d5331e27210

SHA512

fb1569a7bdc839875024c8cf29d41f8166b346b3b512a806e6f40af697a3c3cb95526caabf1431ad22fcbe284bde177cd837a87db1decce87cb1316cf9f044a3

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • ReZer0 packer

    Description

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10