e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

General
Target

e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

Size

496KB

Sample

220521-xxmkfscge2

Score
10/10
MD5

2e949fbd641fbb0b7a2faa128ddd3540

SHA1

eac22a028a62c18391a452850d9c42fbb19b7fb8

SHA256

e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

SHA512

93d326fc1f0bdace236773275b0969dc191e98979e6f353567bf8ca5479773bf8c811dd9b292136a6a1f2aa0999988c79567ef41f75dde5243ebd628582c1d78

Signatures

  • NetWire RAT payload

  • Netwire

    Description

    Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

  • Modifies Installed Components in the registry

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1