General

  • Target

    b2069e643e0a48cb2f2e8e4eab1e3d9701c29155b13d783fe0fef061dd9d5145

  • Size

    285KB

  • Sample

    220521-w23lsseahl

  • MD5

    b6d707ff8e7b46ac372a3b2f8c0197d0

  • SHA1

    5e0a89349d98a6f81d1b9517dd5d51ffe950e0d7

  • SHA256

    b2069e643e0a48cb2f2e8e4eab1e3d9701c29155b13d783fe0fef061dd9d5145

  • SHA512

    f7303b63206e35468ed176e6da5264877793632bb62b2bee662c554f9ae574d00e9aabc476b14a08814f68dfe9bcc369f46a421c007a78e4ef0d65e02d5fe84c

Malware Config

Targets

    • Target

      Dachser Consulta de cliente saliente no. 000150849 - SKBMT03082020-0012-IMG0149.exe

    • Size

      686KB

    • MD5

      6998ca30e81c5ae0fda8e67ced0e2cbd

    • SHA1

      3977c48bae879d9f28c741645f7eb1571caf3bcf

    • SHA256

      dfc8f0a7456a2b40908d901c2468d372bd859abda04e50ef4cf45ec84668cdcb

    • SHA512

      ca61bc204bcc8d1dbce6711ca001bef26418163507583689189790459e210363c19b2eec7e360dec1c8fcdd6dc35074a92eee4823628e88d5589b25a00fe42df

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation