General

  • Target

    077c2209b330c3dd5020f5a77a9aafd24a0195d0b0bada5860cb7fa7cd1b7036

  • Size

    146KB

  • Sample

    221003-b2pdyscdfr

  • MD5

    6d879127296c234ef326c04f499b20b0

  • SHA1

    40714825beea682124743158508d19ef420ae99e

  • SHA256

    077c2209b330c3dd5020f5a77a9aafd24a0195d0b0bada5860cb7fa7cd1b7036

  • SHA512

    2cad074f419e514d8f15bfd1be4f04bf3d6214d3e12687117d2f312e57c8bf33c15386fdc10b8aa0dc52c58975346acaa7bf380ab4f26576e57ed19a55b0bd35

Malware Config

Targets

    • Target

      077c2209b330c3dd5020f5a77a9aafd24a0195d0b0bada5860cb7fa7cd1b7036

    • Size

      146KB

    • MD5

      6d879127296c234ef326c04f499b20b0

    • SHA1

      40714825beea682124743158508d19ef420ae99e

    • SHA256

      077c2209b330c3dd5020f5a77a9aafd24a0195d0b0bada5860cb7fa7cd1b7036

    • SHA512

      2cad074f419e514d8f15bfd1be4f04bf3d6214d3e12687117d2f312e57c8bf33c15386fdc10b8aa0dc52c58975346acaa7bf380ab4f26576e57ed19a55b0bd35

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Discovery

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation