General

  • Target

    Invoice No.000733487303.js

  • Size

    496KB

  • Sample

    220919-j2rs3sffb2

  • MD5

    7b76b56837fad8241f10604c44de493f

  • SHA1

    b8575dc549f905dd9fddecc254232914abaaffe2

  • SHA256

    09893a238f6a7dc6bcf685f566dd57f6a968b08d244e6e56e677a8070a4b595a

  • SHA512

    b37eed33098fb2c85b7cd1a14c77b2d77d8f34ed480f00e5491e0479798e46ec5f2de22b9299ff9c0882c0fc60e494e7dc9cb966562bc2af39c9d642a2b42c45

  • SSDEEP

    12288:n19SpUzm9WbccaebiM2fQ/ihctOe0prNzhKWyKQSg9y:n1QB9BeIzgWyO

Malware Config

Extracted

Family

netwire

C2

whiteking.giize.com:4040

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    DEGRACE

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging; it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks