General

  • Target

    db1f67662e5ca9e31d8b97e81868b9aac471202866dc442e3617613ab53fa2f0

  • Size

    1.0MB

  • Sample

    220811-hdp4xaebd9

  • MD5

    86afe7748042ad36d8ad98bc9cd231d7

  • SHA1

    595630681e9a397085925fe2219a79c06baa7de9

  • SHA256

    db1f67662e5ca9e31d8b97e81868b9aac471202866dc442e3617613ab53fa2f0

  • SHA512

    04884dc39568b100899238937249f9ad0c897f573cda1ff849df6b701699c9d526ab8e208ec42a9ad1c275fe83fe809dbb7e3f007842fb59cbe13a0a7ed0ab6f

Malware Config

Extracted

Family

netwire

C2

80.66.64.136:6671

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    kongking

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      db1f67662e5ca9e31d8b97e81868b9aac471202866dc442e3617613ab53fa2f0

    • Size

      1.0MB

    • MD5

      86afe7748042ad36d8ad98bc9cd231d7

    • SHA1

      595630681e9a397085925fe2219a79c06baa7de9

    • SHA256

      db1f67662e5ca9e31d8b97e81868b9aac471202866dc442e3617613ab53fa2f0

    • SHA512

      04884dc39568b100899238937249f9ad0c897f573cda1ff849df6b701699c9d526ab8e208ec42a9ad1c275fe83fe809dbb7e3f007842fb59cbe13a0a7ed0ab6f

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks