General

  • Target

    8f98297f190db64c6c1bb9b85b78eca5.exe

  • Size

    273KB

  • Sample

    220802-wcajqaafhr

  • MD5

    8f98297f190db64c6c1bb9b85b78eca5

  • SHA1

    1bef5e61a3c11a8651870f3ad386f0a09f94de52

  • SHA256

    3adeefdaffda88ac8183d5c4164c9ad10b63c039c72fac187a596f4fcf906c00

  • SHA512

    193054828f611dc98410472d519618de039cdf33fd9611d7214d695f8328c718a7b444412e8de74ad7ab14ed922f52354dd73b3069acddea1942469062f6721b

Malware Config

Extracted

Family

netwire

C2

ponchikvps.ddns.net:3677

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      8f98297f190db64c6c1bb9b85b78eca5.exe

    • Size

      273KB

    • MD5

      8f98297f190db64c6c1bb9b85b78eca5

    • SHA1

      1bef5e61a3c11a8651870f3ad386f0a09f94de52

    • SHA256

      3adeefdaffda88ac8183d5c4164c9ad10b63c039c72fac187a596f4fcf906c00

    • SHA512

      193054828f611dc98410472d519618de039cdf33fd9611d7214d695f8328c718a7b444412e8de74ad7ab14ed922f52354dd73b3069acddea1942469062f6721b

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks