Overview

overview

10

Static

static

purchase order.xll

windows7-x64

10

purchase order.xll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    purchase order.xll

  • Size

    632KB

  • Sample

    220811-g12ksadhf4

  • MD5

    07b9b4746d7d71fe1a670380a197a48f

  • SHA1

    902c5741347b1641280bd2670461391b46cfbafc

  • SHA256

    7da61c80129d3f314db26cdd16e8f2d956c538170001af5394a9d5b5687d69ea

  • SHA512

    03841fddcc314a1affe1ae2a5e7d486469d39f49c30fd62e21f443dddcd257a94f2c7b3b0dd0a49e44b2986beb3a6c88980299c8e0863f9d9a73d36f5a34a44b

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Language
xlm4.0
Source

Extracted

Family

netwire

C2

80.66.64.136:6671

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    kongking

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      purchase order.xll

    • Size

      632KB

    • MD5

      07b9b4746d7d71fe1a670380a197a48f

    • SHA1

      902c5741347b1641280bd2670461391b46cfbafc

    • SHA256

      7da61c80129d3f314db26cdd16e8f2d956c538170001af5394a9d5b5687d69ea

    • SHA512

      03841fddcc314a1affe1ae2a5e7d486469d39f49c30fd62e21f443dddcd257a94f2c7b3b0dd0a49e44b2986beb3a6c88980299c8e0863f9d9a73d36f5a34a44b

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks