General

  • Target

    c3da75b39650dd66fa445a7a120b6383.exe

  • Size

    1MB

  • Sample

    220922-mpyyeabcb5

  • MD5

    c3da75b39650dd66fa445a7a120b6383

  • SHA1

    22e7e85a8ba70a9d5e4c1cfb74365418ef5f45fe

  • SHA256

    67f5ddf21cf15cefce056ddbe7bbcb3a3a7cd3551c0c1aec77360de58d820786

  • SHA512

    a6e6cf1b95a314bc3bf81cee1aadc3657df3d40dba3518480cbe1e121cda6dc3a8a50cc3e3f5d13188a788783db612c1b1d51d3652c92de865a2ed8ca555bac4

Malware Config

Targets

    • Target

      c3da75b39650dd66fa445a7a120b6383.exe

    • Size

      1MB

    • MD5

      c3da75b39650dd66fa445a7a120b6383

    • SHA1

      22e7e85a8ba70a9d5e4c1cfb74365418ef5f45fe

    • SHA256

      67f5ddf21cf15cefce056ddbe7bbcb3a3a7cd3551c0c1aec77360de58d820786

    • SHA512

      a6e6cf1b95a314bc3bf81cee1aadc3657df3d40dba3518480cbe1e121cda6dc3a8a50cc3e3f5d13188a788783db612c1b1d51d3652c92de865a2ed8ca555bac4

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Privilege Escalation