General

  • Target

    86c71d494cab5c45481d958dc3c2a5c98739ca6b26d76fad33eeda5821b54b3d

  • Size

    3.2MB

  • Sample

    220625-v5tydsfgg7

  • MD5

    b8a9c7e281ca8201f517148ddd307437

  • SHA1

    d4d48ecfa192607d86812a66d3190185cde3693f

  • SHA256

    86c71d494cab5c45481d958dc3c2a5c98739ca6b26d76fad33eeda5821b54b3d

  • SHA512

    1a33b353bd8437b025aee9d73f6ac05bfe8fb96105908c317396de827013ee52b7e9796f8ad745b11d512062196f948aa0bc584742da68645c69839fb93fcefe

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
