General

  • Target

    55bbd2340d906fdf793f26e92a939659d98b759ed0f1e3d0a0761783e82ef1d1

  • Size

    741KB

  • Sample

    220521-w26nfsagd5

  • MD5

    de692780361d7921220b1c1afe210f2e

  • SHA1

    e787ebca13fc7d1514bdaa9abfc82751dad75106

  • SHA256

    55bbd2340d906fdf793f26e92a939659d98b759ed0f1e3d0a0761783e82ef1d1

  • SHA512

    6ff0615556fcf517a896c8486ec20a2e93891d534c9c13f7ffe641456ba00d33fcbc61c21cf88dff7d09af21a9a686d7e3cf9be8c0591a065ff26e061e243c65

Malware Config

Extracted

  • Family

    netwire

  • C2

    justhungry.theworkpc.com:3367

Attributes

  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    test

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • mutex

    rXrItmjS

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    true

Targets

    • Target

      ?????? ???????.pif

    • Size

      1.1MB

    • MD5

      078e87a6f5ff6b6b704a123fc7214472

    • SHA1

      b2e08a685ef595582d7b3579066ba5172ae97293

    • SHA256

      cf3b59c22659d7931cf9d0338d57af01d63fbb8363ebc4c86be884194ef62e40

    • SHA512

      5da4e95e827ce1a34f5d04da9699395853d6f2f8ec3ce951ed9b0caa0820686e98d3c31ed833d71158da27109f44645a2f834f334691fd4a7a53ce23caebd21f

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext
