af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8
General
Target
Size
Sample
af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8
154KB
220521-n76lmsege7
Score
10 /10
MD5
SHA1
SHA256
SHA512
a919abd1954ba7fbc64698888c51b109
64dd08e93b94e2cf5c69da11530e38467d43d637
af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8
092b8c6c69cff17ec8242d2977e285a26ed923c9534f5a41dc5319ab76ba145ec7dda5f887880e83a79bbfd3dc5c25bdcd5ee4c37581b6ce0c495fb948f27b91
Malware Config
Extracted
| Family | netwire |
| C2 |
iphanyi.duckdns.org:3360 |
| Attributes |
activex_autorun false
activex_key
copy_executable false
delete_original false
host_id SMS_Group
install_path
keylogger_dir %AppData%\Logs\
lock_executable false
mutex
offline_keylogger true
password caster123
registry_autorun false
startup_name
use_mutex false |
Targets
Target
MD5
Filesize
15-08-2020 - SOFT COPY_PAYMENT SLIP.exe
e792eb4a972110714df6761ef60284c6
234KB
Score
10/10
SHA1
SHA256
SHA512
91bb096d730ca536a0f18534acdec271bdd0eefa
b6f5a289ab47b790c1bc57a5a3b35871fc968da66ebb3fdd7669de18c2ba3dd5
40ebe7bd5b18845710cfb3116888d16da8a9fd6c1d53a39000103feac45c1dfeaa4efa05104072313973d5fb87b62b06ea3c697513b4303c45124d020b22eead
Tags
Signatures
-
NetWire RAT payload
-
Netwire
Description
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Tags
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks