Overview

overview

10

Static

static

bf6a763be3...39.exe

windows7-x64

10

bf6a763be3...39.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf6a763be37b940d0ab0ca6d8d5cbba15366861f36acf4e98e4249f92f445e39

  • Size

    194KB

  • Sample

    221002-2tgl9afeeq

  • MD5

    668d157ae4a5f12573f9711d5c545c20

  • SHA1

    ad7ff5f2fdb495a21c13656bb6ab8269b37b580e

  • SHA256

    bf6a763be37b940d0ab0ca6d8d5cbba15366861f36acf4e98e4249f92f445e39

  • SHA512

    245cd610ec06f30662b7be887f86b4b75f9c2947240837b7699df1a58301f4d2c6a1c2dbfea30a5df629f48a2eb11445bf0a638e4ad8a603069a8949a7f9735b

  • SSDEEP

    3072:JjQONxHpxhA2H/hegAuhIR/M5eWsJzayw8zcXyNYCQk2eDwXJQ6p:ScHm2Y0hPeWKzayFzvCCvzSJQ

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      bf6a763be37b940d0ab0ca6d8d5cbba15366861f36acf4e98e4249f92f445e39

    • Size

      194KB

    • MD5

      668d157ae4a5f12573f9711d5c545c20

    • SHA1

      ad7ff5f2fdb495a21c13656bb6ab8269b37b580e

    • SHA256

      bf6a763be37b940d0ab0ca6d8d5cbba15366861f36acf4e98e4249f92f445e39

    • SHA512

      245cd610ec06f30662b7be887f86b4b75f9c2947240837b7699df1a58301f4d2c6a1c2dbfea30a5df629f48a2eb11445bf0a638e4ad8a603069a8949a7f9735b

    • SSDEEP

      3072:JjQONxHpxhA2H/hegAuhIR/M5eWsJzayw8zcXyNYCQk2eDwXJQ6p:ScHm2Y0hPeWKzayFzvCCvzSJQ

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • Modifies WinLogon for persistence

      persistence

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks