Overview

overview

10

Static

static

SecuriteIn...92.exe

windows7-x64

10

SecuriteIn...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Mardom.MN.10.9492.28218

  • Size

    412KB

  • Sample

    220725-lwmnaabcg4

  • MD5

    afa993ae036de690642a6275a3053ede

  • SHA1

    b2bdb616a2f6b8eb2c59340ede249e1b109ba5e7

  • SHA256

    214751a0d73e0aa9a6f5c010fd3c4fd45d5a2e4f96db8c2875355c399ff3a5bc

  • SHA512

    a1f7737a09762d69383db25e32284b1682d71c974767329537e10873703bc0ec2ac4ef310dd53633efc74f498dc2ceef78de9196f12a9039a3a5daf36633a36b

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

194.5.98.178:3384

194.5.98.178:3385
Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    lovewin1

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      SecuriteInfo.com.Trojan.Mardom.MN.10.9492.28218

    • Size

      412KB

    • MD5

      afa993ae036de690642a6275a3053ede

    • SHA1

      b2bdb616a2f6b8eb2c59340ede249e1b109ba5e7

    • SHA256

      214751a0d73e0aa9a6f5c010fd3c4fd45d5a2e4f96db8c2875355c399ff3a5bc

    • SHA512

      a1f7737a09762d69383db25e32284b1682d71c974767329537e10873703bc0ec2ac4ef310dd53633efc74f498dc2ceef78de9196f12a9039a3a5daf36633a36b

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks