Overview

overview

10

Static

static

CONTRACT-H...22.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CONTRACT-HSB7555-07-22.bin.zip

  • Size

    521KB

  • Sample

    220726-cqpe9achek

  • MD5

    01ab365597f603fcd04a07011202f5c5

  • SHA1

    1cf49b0f93edd5a49fc11aa4bfd728f6dc8466f2

  • SHA256

    8504e5e5723b427002e86b953ff6414ef960af74818f359a0d93084c974f800b

  • SHA512

    b7c19734054d20e28f99ce47aa3a1881c747875efd0e38687a1f21ade7b4f64f9472f934efb91e305b32f687d8d6c8f92771cb7ae617c854bb03c43a6d8d072a

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

37.0.14.206:3384

Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • offline_keylogger

    true

  • password

    Password234

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      CONTRACT-HSB7555-07-22.bin

    • Size

      574KB

    • MD5

      ab250d08a1c4628ecdb5f067c4219e7d

    • SHA1

      ca73fb0aa8e1d5d9e125eecf8ebc13612e773765

    • SHA256

      a832f30bbb32bcf5c4138d8058214e47ea72a6fe10d448dbea5fbc84e1ce375b

    • SHA512

      61dadbcdeac15afcd0f34f55333c9ce5aa35d9afff3c70d0aff2b9694d4f252def58abe5d07d235ca902782c99715511898a1ffc973b8e584e57936e431c7f4f

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks