General

  • Target

    33bb710085124d925edff2facd3e6337

  • Size

    43KB

  • Sample

    220901-zqdebabadn

  • MD5

    33bb710085124d925edff2facd3e6337

  • SHA1

    3d68e635ea24a681ae8008cc89003f456a5c1405

  • SHA256

    f4942fe305063eff957d16d263ab9537f955e3e430dd4d09daaa654db4430243

  • SHA512

    0d281a0a3043b2846b8300668eb961d18325dc95cf349197c5dc22dd9b1762a7e00c46cebe20b51eead7ddb356936709ab9051a019d782def24604a866120813

  • SSDEEP

    768:CfX+vQn2cM+2m0i2CTrW3vIPI+aVfdq8+lC7wgqUH+mEypOCnxEuk:6aWM+nTbPIVg857wr6+mE/GWuk

Malware Config

Extracted

Family

netwire

C2

bigman2021.duckdns.org:3303

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      493839_20493_rfq_0932_po.pdf.exe

    • Size

      230KB

    • MD5

      c3202d6e32b6bed3c6ba49aaed96010b

    • SHA1

      60f4117f39cffcd87e942774203164df290b89b3

    • SHA256

      1ca38da4e968230b701efc2d415e3710ba7c82b60d6df13854b157d08eccd3d3

    • SHA512

      d8feb7f1bf1db8a153f1577cf70f70b9b62520a1e84b673341c60633f0f9030182c4958999260b907d15e890def6c7359b775f5a031444bd2817b91ea55b09ae

    • SSDEEP

      3072:LT/T7gqPHIvuvHQFpaIYkKEPIFJzE17vtf:f5VHsaIYkb

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality focuses on password stealing and keylogging, but it also includes remote control capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)

    1

  • System Information Discovery (T1082)

    2

Tasks