General

  • Target

    SLIP01.SCR.exe

  • Size

    590KB

  • Sample

    220915-ntek1agfcm

  • MD5

    525a97cd72d93754f7bf4ef3c9c291cf

  • SHA1

    4751f756e2eefbdf54147b5c5b7b178c226efbf2

  • SHA256

    09ecefeba092b02d99a1e113987c66c383d3c0a3f4d15bf1d87990200401ed6b

  • SHA512

    5f8d27387b4e2478d7074fc510dc483e909fbba6d8f717866f8fcc185f27a33b1c81a3da2f7131399236bbca34cb31da25c3619e9945c0f04f51859fa848b6e8

  • SSDEEP

    12288:hMJl4djkXtEoVLEeYOLu/fkwl5aY3IiB+5IV:2X+o1EeYfvZ2m

Malware Config

Extracted

Family

netwire

C2

iphanyi.edns.biz:3360

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    RDP_SEPT_2022

  • install_path

    %AppData%\Install\Host.exe

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    caster123

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      SLIP01.SCR.exe

    • Size

      590KB

    • MD5

      525a97cd72d93754f7bf4ef3c9c291cf

    • SHA1

      4751f756e2eefbdf54147b5c5b7b178c226efbf2

    • SHA256

      09ecefeba092b02d99a1e113987c66c383d3c0a3f4d15bf1d87990200401ed6b

    • SHA512

      5f8d27387b4e2478d7074fc510dc483e909fbba6d8f717866f8fcc185f27a33b1c81a3da2f7131399236bbca34cb31da25c3619e9945c0f04f51859fa848b6e8

    • SSDEEP

      12288:hMJl4djkXtEoVLEeYOLu/fkwl5aY3IiB+5IV:2X+o1EeYfvZ2m

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053), 1 hit

  • Persistence

    Scheduled Task (T1053), 1 hit

  • Privilege Escalation

    Scheduled Task (T1053), 1 hit

Tasks