Overview

overview

10

Static

static

Invoice #08 1232.exe

windows7-x64

10

Invoice #08 1232.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice #08 1232.exe

  • Size

    1.0MB

  • Sample

    220716-rgj7hadbaq

  • MD5

    1ff3931b973f49044b0721f73ac067f1

  • SHA1

    97bfeed429c997b3a254fae324e68cfed9cd8d22

  • SHA256

    24093405b5488debd355b39f704bfc4beddc4c60ebec6d56e0c7b25e29a7758a

  • SHA512

    9f9896ba6834d8b3c563df160105864c5e2c7b23958bf7d1395628b8e95edc68606920b66e68e6bf47c2f399ed55419b37a3a3aefc792ba6d8aba2dbc72207a4

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Invoice #08 1232.exe

    • Size

      1.0MB

    • MD5

      1ff3931b973f49044b0721f73ac067f1

    • SHA1

      97bfeed429c997b3a254fae324e68cfed9cd8d22

    • SHA256

      24093405b5488debd355b39f704bfc4beddc4c60ebec6d56e0c7b25e29a7758a

    • SHA512

      9f9896ba6834d8b3c563df160105864c5e2c7b23958bf7d1395628b8e95edc68606920b66e68e6bf47c2f399ed55419b37a3a3aefc792ba6d8aba2dbc72207a4

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks