General

  • Target

    b8f79f47c3cbbeb14ad95220ba63dc3ab974dbad8017f347879254113d4b0df2

  • Size

    106KB

  • Sample

    220701-f8peraeagl

  • MD5

    4db71ada85487da2cc2dc248736ddb43

  • SHA1

    cf981bbdfde226ddfc7a6e23d6ba47aec6a196d2

  • SHA256

    b8f79f47c3cbbeb14ad95220ba63dc3ab974dbad8017f347879254113d4b0df2

  • SHA512

    98327c2430586c9cfa33bc3b6a5921f71e68d5756e1fca0ba88e5c4e28ac50af3267ef2b77516a788f334ddc709c8fd8a9be2aeef239928766810bda61f4e68b

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                           ID      Count
  Persistence      Registry Run Keys / Startup Folder  T1060   2
  Defense Evasion  Modify Registry                     T1112   2
  Discovery        Query Registry                      T1012   1
  Discovery        System Information Discovery        T1082   2

Tasks