Overview

overview

10

Static

static

INV87327328773232.exe

windows7-x64

10

INV87327328773232.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV87327328773232.exe

  • Size

    888KB

  • Sample

    220729-h68fysgafq

  • MD5

    018d11d4c98a8eae7cb309dea498dd53

  • SHA1

    a03fc82b8e4131a49ce8d2d89d896e1d872ca76c

  • SHA256

    7e25b98724cfdea64168e7d4cf3b34d534b43f1fcac3c0eae2a138bcea30344b

  • SHA512

    74265062eb6cfe492d5b08faa5b9a52c2f805191cc119644f6cbaa1f2a5dbaffc389d396ae4662ed208501aa5ceced5099a5c907f5b70f9278bbe5931f025714

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

149.102.132.253:3399

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      INV87327328773232.exe

    • Size

      888KB

    • MD5

      018d11d4c98a8eae7cb309dea498dd53

    • SHA1

      a03fc82b8e4131a49ce8d2d89d896e1d872ca76c

    • SHA256

      7e25b98724cfdea64168e7d4cf3b34d534b43f1fcac3c0eae2a138bcea30344b

    • SHA512

      74265062eb6cfe492d5b08faa5b9a52c2f805191cc119644f6cbaa1f2a5dbaffc389d396ae4662ed208501aa5ceced5099a5c907f5b70f9278bbe5931f025714

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks