Analysis
-
max time kernel
149s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
14-07-2022 08:27
General
-
Target
46e07df2583392c27aee10140e3080bdf398d5939bba230ed3948beceeba77f0.exe
-
Size
360KB
-
MD5
de4e8c84a62115236f579a3731b2eca4
-
SHA1
befc6dfd19a818a9012fdd438a39628783696713
-
SHA256
46e07df2583392c27aee10140e3080bdf398d5939bba230ed3948beceeba77f0
-
SHA512
d147f1a600ad3c7ad0e645ac2d077216b4bf12796e70e24ee1c8890190bb11d5041fd79d53daf88e46a7c2c044b9261e68b9d7b3f0f71cd11910748493bad232
Score
10/10
Malware Config
Extracted
Family
netwire
C2
wealthyman.brasilia.me:39560
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
WEALTH
-
keylogger_dir
%AppData%\music\
-
lock_executable
false
-
offline_keylogger
true
-
password
sucess
-
registry_autorun
false
-
use_mutex
false
Signatures
-
NetWire RAT payload 2 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\46e07df2583392c27aee10140e3080bdf398d5939bba230ed3948beceeba77f0.exe"C:\Users\Admin\AppData\Local\Temp\46e07df2583392c27aee10140e3080bdf398d5939bba230ed3948beceeba77f0.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
176KB
-
Filesize
1.5MB
-
Filesize
1.3MB
-
Filesize
1.5MB