Overview

overview

10

Static

static

47048f96c5...cb.exe

windows7_x64

10

47048f96c5...cb.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47048f96c5d73e3b52b6cd80ed26e881ca615cc6d6d6ee1ab6994571e808b4cb

  • Size

    799KB

  • Sample

    220701-d69lssadhn

  • MD5

    b365940d50152d199c01212ec79af7e2

  • SHA1

    c4a69ce2c97e09501e89a41e539f075ab1795e6c

  • SHA256

    47048f96c5d73e3b52b6cd80ed26e881ca615cc6d6d6ee1ab6994571e808b4cb

  • SHA512

    1978b4758d4b0aca1429efb58ef411d5ee7bd95e9e14bcd6765398764d689e73587dc4d64374e46756a5ac6f3b962ef4be74db3be78e3edcf9e004dfb4f9e43a

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      47048f96c5d73e3b52b6cd80ed26e881ca615cc6d6d6ee1ab6994571e808b4cb

    • Size

      799KB

    • MD5

      b365940d50152d199c01212ec79af7e2

    • SHA1

      c4a69ce2c97e09501e89a41e539f075ab1795e6c

    • SHA256

      47048f96c5d73e3b52b6cd80ed26e881ca615cc6d6d6ee1ab6994571e808b4cb

    • SHA512

      1978b4758d4b0aca1429efb58ef411d5ee7bd95e9e14bcd6765398764d689e73587dc4d64374e46756a5ac6f3b962ef4be74db3be78e3edcf9e004dfb4f9e43a

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks