General

  • Target

    0x0009000000013a13-58.dat

  • Size

    227KB

  • Sample

    220914-e934vshcd2

  • MD5

    a8edd52c5edfe91da90ebee24b51d3c6

  • SHA1

    fc36350b93c6974865eaa7f00a98fa281d1ff7fd

  • SHA256

    35d0bbb6787ae3fb3e155f2eaad36e5f4bb5255e7bb95b759790cc3cc048839d

  • SHA512

    97278bb3967c6ec10d221820d0d50d3582e6fd3975318c882efbecc6b87bfc83f9f58d927e81ecb95ea8a510929591834a27a23e56dc38e8d091f95f9a31ca14

  • SSDEEP

    6144:mdCAOLZ7r6xhdyJLkEatq0YE2f6rD9Z7vIDECbUn1ItN6pQ/EjMqqDeMln:fAwZixvy9YaY1ItAy2q

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    T1060 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (2)

Tasks