Overview

overview

10

Static

static

5

26989aa946...d1.exe

windows7_x64

10

26989aa946...d1.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26989aa946a3c511b62b809bb98c2c7cf947ca5bfad628873ab3f6b94297b7d1

  • Size

    1.0MB

  • Sample

    220616-jtbrwshggm

  • MD5

    05bb8a97d369164689119bbe0b3327fc

  • SHA1

    be35eb99fb18487aec83a2f5dc954a691c9b4e0f

  • SHA256

    26989aa946a3c511b62b809bb98c2c7cf947ca5bfad628873ab3f6b94297b7d1

  • SHA512

    601083c187904f7723204d071070ff297549a712c6afb9b21e763f372b81d29b18ea60ba7d27357f6f0792bbbe47511bb9f7fddc667fd5b6300ae6d200c57702

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      26989aa946a3c511b62b809bb98c2c7cf947ca5bfad628873ab3f6b94297b7d1

    • Size

      1.0MB

    • MD5

      05bb8a97d369164689119bbe0b3327fc

    • SHA1

      be35eb99fb18487aec83a2f5dc954a691c9b4e0f

    • SHA256

      26989aa946a3c511b62b809bb98c2c7cf947ca5bfad628873ab3f6b94297b7d1

    • SHA512

      601083c187904f7723204d071070ff297549a712c6afb9b21e763f372b81d29b18ea60ba7d27357f6f0792bbbe47511bb9f7fddc667fd5b6300ae6d200c57702

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Drops startup file

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks