General

  • Target

    27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5

  • Size

    734KB

  • Sample

    221001-zakhpaffak

  • MD5

    764f2688a266ba3cab3a77dc7de911d0

  • SHA1

    aabb78ced12f42e5e67d681ad0fcf26ae58b1e5d

  • SHA256

    27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5

  • SHA512

    27f8bb9039d7c67af8dcc19f7b1ae5a7601e217a381683a4380ca97baa94bf1009d9a14dcd50e964edac6599c616a3666f1900a98b4af2a9e4b7ca496c93bc73

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation