Overview

overview

10

Static

static

a9331a4a15...6d.exe

windows7_x64

10

a9331a4a15...6d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9331a4a15cd17eecc6e067df4b9b0432830d84b8f15c7efb90c5e687193946d

  • Size

    567KB

  • Sample

    220625-nh1dbsacdl

  • MD5

    00f01b6a9cc43814edfa63c0e56cb580

  • SHA1

    d13c6ce3dd69375a7b1319c27fc594939f486e5e

  • SHA256

    a9331a4a15cd17eecc6e067df4b9b0432830d84b8f15c7efb90c5e687193946d

  • SHA512

    af257a55fd8d619912b57160a0840e1b3902ac57eaeec73e7e57d5c41ddb30de89f9e75a56341e4ea6c9064c0f1bfab6efe8bd30812779794971c769718188cf

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      a9331a4a15cd17eecc6e067df4b9b0432830d84b8f15c7efb90c5e687193946d

    • Size

      567KB

    • MD5

      00f01b6a9cc43814edfa63c0e56cb580

    • SHA1

      d13c6ce3dd69375a7b1319c27fc594939f486e5e

    • SHA256

      a9331a4a15cd17eecc6e067df4b9b0432830d84b8f15c7efb90c5e687193946d

    • SHA512

      af257a55fd8d619912b57160a0840e1b3902ac57eaeec73e7e57d5c41ddb30de89f9e75a56341e4ea6c9064c0f1bfab6efe8bd30812779794971c769718188cf

    Score
    10/10
    netwirebotnetratstealerpersistence

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks