General

  • Target

    5b306051572e98d941361eeeadc36d7e5b86d3dd77cc7509d3b31d0ea72bd560

  • Size

    1MB

  • Sample

    220701-gqp41aehgr

  • MD5

    e62f8a85b1e75c93e6c2243a5dbf1231

  • SHA1

    b886d3d8ccb08fce8a3552908c52753bf803d2d9

  • SHA256

    5b306051572e98d941361eeeadc36d7e5b86d3dd77cc7509d3b31d0ea72bd560

  • SHA512

    b118870a51e5ddee68d44adf868c8508c6479bc3d44ed794161c36b0cf786c2ccfd7695dacb3b5206c622c4ff68247a1e3b880db11d2f6acd6800fb7b3731934

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1

Tasks