General

  • Target

    e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

  • Size

    496KB

  • Sample

    220521-xxmkfscge2

  • MD5

    2e949fbd641fbb0b7a2faa128ddd3540

  • SHA1

    eac22a028a62c18391a452850d9c42fbb19b7fb8

  • SHA256

    e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

  • SHA512

    93d326fc1f0bdace236773275b0969dc191e98979e6f353567bf8ca5479773bf8c811dd9b292136a6a1f2aa0999988c79567ef41f75dde5243ebd628582c1d78

Malware Config

Targets

    • Target

      e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

    • Size

      496KB

    • MD5

      2e949fbd641fbb0b7a2faa128ddd3540

    • SHA1

      eac22a028a62c18391a452850d9c42fbb19b7fb8

    • SHA256

      e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

    • SHA512

      93d326fc1f0bdace236773275b0969dc191e98979e6f353567bf8ca5479773bf8c811dd9b292136a6a1f2aa0999988c79567ef41f75dde5243ebd628582c1d78

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

2
T1112

Tasks