General

  • Target

    5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b

  • Size

    128KB

  • Sample

    220802-btl9maefhn

  • MD5

    741148fc8532265614a22308f2bb8057

  • SHA1

    c6923ae06a24a0acda890eccfa91fc298a3e08a6

  • SHA256

    5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b

  • SHA512

    b3cd30cf6077469eb21678ed235d7ddafadac6d8cd5256764cbf1513e29f00e8535bc45534205ded4daeeb144da72f8778e755282b9845732058a6a1e0ed94f0

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 2

  • Defense Evasion

    Modify Registry (T1112): 2

Tasks