General

  • Target

    432f4e914584d84c4a4cea43b3ac6d9ad24270891ed598b15216cc32130699d3

  • Size

    1.1MB

  • Sample

    220707-3py66sghel

  • MD5

    36f02cc5f6ad8a9cbf1f779b6fa56277

  • SHA1

    6e9e90287c2dacb932f969c1e6201c2238bdace4

  • SHA256

    432f4e914584d84c4a4cea43b3ac6d9ad24270891ed598b15216cc32130699d3

  • SHA512

    ad85647f3ff10c65824671ad71f7da062abf5520b8b5f0d5d1590dc2a0ec6c2008300a5f6d972dd0400447d0eeeb7f1fc18b828a783c3c78cc58b987fc185ae6

Malware Config

Extracted

Family

netwire

C2

79.134.225.73:1968

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    pd1n9

  • lock_executable

    false

  • mutex

    KHAtGUwc

  • offline_keylogger

    false

  • password

    Kimbolsapoq!P13

  • registry_autorun

    false

  • use_mutex

    true

Targets

    • Target

      432f4e914584d84c4a4cea43b3ac6d9ad24270891ed598b15216cc32130699d3

    • Size

      1.1MB

    • MD5

      36f02cc5f6ad8a9cbf1f779b6fa56277

    • SHA1

      6e9e90287c2dacb932f969c1e6201c2238bdace4

    • SHA256

      432f4e914584d84c4a4cea43b3ac6d9ad24270891ed598b15216cc32130699d3

    • SHA512

      ad85647f3ff10c65824671ad71f7da062abf5520b8b5f0d5d1590dc2a0ec6c2008300a5f6d972dd0400447d0eeeb7f1fc18b828a783c3c78cc58b987fc185ae6

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, and it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks