9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419

General
Target

9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419

Size

868KB

Sample

220521-w3ax6sagd9

Score
10 /10
MD5

f047630b6bdd86310d4576a63a94ada6

SHA1

d721cf61114d0015af33b877fea4b6620075f0a1

SHA256

9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419

SHA512

96e5b54c71c8fa14408616f459b021f8e3309e95800b5ebafa87b7a1fdd1e5baa1961bacbde9f31f4155f146bf739b182b33b72de9c553c904cb2ccccc0a6cf5

Malware Config
Targets
Target

Proof Of Payment.exe

MD5

121b665f158aa269dfdd6d701c4af31d

Filesize

1021KB

Score
10/10
SHA1

81b94a9e9af1258dd5074adc7077c0fca2de7e79

SHA256

9e1de81ecb080a9d970953a62de72b6a83cc61776409098f1429c11032cbfa14

SHA512

af293c732eea9d928e9bcfefc35fbee68ad3af3392503dd3d051ef9dc54df630f6a5a965d364f255c9c25a19465e58ed630edc644eed99c370924aec837b5b68

Tags

Signatures

  • NetWire RAT payload

    Tags

  • Netwire

    Description

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    Tags

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10