General

  • Target

    3f153b9bfc044bb0c370cabd0496c8a6.exe

  • Size

    1MB

  • Sample

    221003-d16mysffak

  • MD5

    3f153b9bfc044bb0c370cabd0496c8a6

  • SHA1

    f98e3e3a0f5fc735f7167367fa272b5365595548

  • SHA256

    67b10001ec5c141e48e61d73c2c4d8c2c1170eecfbe8732ea5b3069d6cd333b0

  • SHA512

    a53caea88f5719ec51abbfa119aa4cfd0df9a4d90acd33356008bcfba2c45bdf60a6bacc69512969367dcc86c388da2d017bc1a7bfaed6c7cb1dc18fcf483982

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns of the matrix (no techniques were mapped in this report):

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation