af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8

General
Target

af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8

Size

154KB

Sample

220521-n76lmsege7

Score
10 /10
MD5

a919abd1954ba7fbc64698888c51b109

SHA1

64dd08e93b94e2cf5c69da11530e38467d43d637

SHA256

af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8

SHA512

092b8c6c69cff17ec8242d2977e285a26ed923c9534f5a41dc5319ab76ba145ec7dda5f887880e83a79bbfd3dc5c25bdcd5ee4c37581b6ce0c495fb948f27b91

Malware Config

Extracted

Family netwire
C2

iphanyi.duckdns.org:3360

Attributes
activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
SMS_Group
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
caster123
registry_autorun
false
startup_name
use_mutex
false
Targets
Target

15-08-2020 - SOFT COPY_PAYMENT SLIP.exe

MD5

e792eb4a972110714df6761ef60284c6

Filesize

234KB

Score
10/10
SHA1

91bb096d730ca536a0f18534acdec271bdd0eefa

SHA256

b6f5a289ab47b790c1bc57a5a3b35871fc968da66ebb3fdd7669de18c2ba3dd5

SHA512

40ebe7bd5b18845710cfb3116888d16da8a9fd6c1d53a39000103feac45c1dfeaa4efa05104072313973d5fb87b62b06ea3c697513b4303c45124d020b22eead

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral1

                        10/10

                        behavioral2

                        10/10