General

  • Target

    791d433a12cfde4d5c85addce8a00e4be6bb2d6e84d197a9c51c8567a6fb6f04

  • Size

    1009KB

  • Sample

    221001-3vfa9adgcn

  • MD5

    5924a435db94b857f47c1d8db535de0e

  • SHA1

    9cb9c480ce6682e08789ee31209fbb6e663b5c76

  • SHA256

    791d433a12cfde4d5c85addce8a00e4be6bb2d6e84d197a9c51c8567a6fb6f04

  • SHA512

    e228b170c6c988ed07c0e9efee5b77142f4bcba05f0a148e8425eb80aa55e5e23c3aeb36009734f0ab16ad3ec1163598af76d54b3ee32c64bec9cf61a11a81cf

Malware Config

Targets

    • Target

      791d433a12cfde4d5c85addce8a00e4be6bb2d6e84d197a9c51c8567a6fb6f04

    • Size

      1009KB

    • MD5

      5924a435db94b857f47c1d8db535de0e

    • SHA1

      9cb9c480ce6682e08789ee31209fbb6e663b5c76

    • SHA256

      791d433a12cfde4d5c85addce8a00e4be6bb2d6e84d197a9c51c8567a6fb6f04

    • SHA512

      e228b170c6c988ed07c0e9efee5b77142f4bcba05f0a148e8425eb80aa55e5e23c3aeb36009734f0ab16ad3ec1163598af76d54b3ee32c64bec9cf61a11a81cf

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Privilege Escalation