Overview

overview

10

Static

static

4a7c6e787c...e2.exe

windows7_x64

10

4a7c6e787c...e2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a7c6e787cf6966b64d4508d819bed0b471fd000109d21f75fc24c8ff27179e2

  • Size

    192KB

  • Sample

    220712-qb52caebf3

  • MD5

    3418826851949397cfe0eaabdae096b6

  • SHA1

    c2359e7f541fe307cbe40c8b18c128ceee97a31c

  • SHA256

    4a7c6e787cf6966b64d4508d819bed0b471fd000109d21f75fc24c8ff27179e2

  • SHA512

    8af579b892e077c9941ac73bdd350181f1920d95a1d578a2bb305f29b309c67dd46822ef3a9411cb7e469469666badfd23210f2533c9f5dbdfcde9a175134dbd

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      4a7c6e787cf6966b64d4508d819bed0b471fd000109d21f75fc24c8ff27179e2

    • Size

      192KB

    • MD5

      3418826851949397cfe0eaabdae096b6

    • SHA1

      c2359e7f541fe307cbe40c8b18c128ceee97a31c

    • SHA256

      4a7c6e787cf6966b64d4508d819bed0b471fd000109d21f75fc24c8ff27179e2

    • SHA512

      8af579b892e077c9941ac73bdd350181f1920d95a1d578a2bb305f29b309c67dd46822ef3a9411cb7e469469666badfd23210f2533c9f5dbdfcde9a175134dbd

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks