General

  • Target

    805e8fc90c8d7a776ab8a059633fac022fbc6cd5f67de86b292c40905386dee1

  • Size

    127KB

  • Sample

    220625-jyygfseeg2

  • MD5

    845c81cbad71cadfcf7d9e40c99485d2

  • SHA1

    559313e5076c20803f3d3bc5905591af5e9453ee

  • SHA256

    805e8fc90c8d7a776ab8a059633fac022fbc6cd5f67de86b292c40905386dee1

  • SHA512

    f42ed523c6c94d065ea141e0f9d6c9c7a7406ce7fdffabfa0073ba00cb9c05a2c891f0764d91f05caa289cf8983fd5242eb638dbb86006ac48a2041b3e80d8f3

Targets

    • Target

      805e8fc90c8d7a776ab8a059633fac022fbc6cd5f67de86b292c40905386dee1

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
