Overview

overview

10

Static

static

e3d68e3484...40.exe

windows7-x64

10

e3d68e3484...40.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3d68e3484634f2133d390ec458c2f8e3763d5663a15df1103ec6555df873940

  • Size

    168KB

  • Sample

    221004-ggprwaedhk

  • MD5

    54ee381e756783fbe4f7d22ce9fb5409

  • SHA1

    9f36b2e555408ab4d58eff5fa73fc53253c1e3d5

  • SHA256

    e3d68e3484634f2133d390ec458c2f8e3763d5663a15df1103ec6555df873940

  • SHA512

    fb8f82119423d89d251dbd2e2105e7e3615a45a6cfb36ac3521318141cfa96e41febb7e9a7c0b1ac3e734571efd356b91a75c0b5fa162646bcc17e2f2b0853c8

  • SSDEEP

    3072:9IQUfIcSYq2wQAQCp5HOYbCyA7PrnMceCzzFStKHNg7c:dyjSYqwI5HA7PrnMcBzpStT

Score
10/10
netwirebotnetpersistenceratstealerupx

Malware Config

Targets

    • Target

      e3d68e3484634f2133d390ec458c2f8e3763d5663a15df1103ec6555df873940

    • Size

      168KB

    • MD5

      54ee381e756783fbe4f7d22ce9fb5409

    • SHA1

      9f36b2e555408ab4d58eff5fa73fc53253c1e3d5

    • SHA256

      e3d68e3484634f2133d390ec458c2f8e3763d5663a15df1103ec6555df873940

    • SHA512

      fb8f82119423d89d251dbd2e2105e7e3615a45a6cfb36ac3521318141cfa96e41febb7e9a7c0b1ac3e734571efd356b91a75c0b5fa162646bcc17e2f2b0853c8

    • SSDEEP

      3072:9IQUfIcSYq2wQAQCp5HOYbCyA7PrnMceCzzFStKHNg7c:dyjSYqwI5HA7PrnMcBzpStT

    Score
    10/10
    netwirebotnetpersistenceratstealerupx

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks