General

  • Target

    bd4754619fc5e08c904356423971e633248aaeed941bcbe924764624a1675181

  • Size

    183KB

  • Sample

    221001-xm7gwabcd2

  • MD5

    7600056accafb4281250bfed98f0630d

  • SHA1

    f61bd219039db28797f8ad62674b029442b7f889

  • SHA256

    bd4754619fc5e08c904356423971e633248aaeed941bcbe924764624a1675181

  • SHA512

    2949a540608b904d909cb8e4a873c3322dbab9a34dbb442c149f05da591ba54b7f2af50620d817560b110b9d1ebd9a6e772a9c70408903cf8e8ade3d35a4cdf0

Malware Config

Targets

    • Target

      bd4754619fc5e08c904356423971e633248aaeed941bcbe924764624a1675181

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Privilege Escalation