Overview

overview

10

Static

static

payment co...on.exe

windows7-x64

10

payment co...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment confirmation.exe

  • Size

    1.0MB

  • Sample

    221006-k8f6lahbal

  • MD5

    e25d9a7242d86c27e2c6221061d4f4f2

  • SHA1

    448bc5bdf1f2d763aba2fbee233605f29ac14a40

  • SHA256

    e8ee8827402f5843e0b4f5ff6640f1efabbc90217904998f89b308379783bc49

  • SHA512

    2bc0e95a9e581544878fd7ae6b0f4552184846cac94a8c9e09e38c6a798029bb15b7338cbd97bcd3a6c92bd976c5369a7d1c9582f48c6608af1b525f2d123a57

  • SSDEEP

    12288:BxzD41eG9VpJqrHD6f2fD9hmzinJxFT5jFPHRTZkOWZkQ4JR:BK1eCpJqra2fD96izF5TZk9kQ4

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

185.136.165.182:3362

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    Money_Man

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      payment confirmation.exe

    • Size

      1.0MB

    • MD5

      e25d9a7242d86c27e2c6221061d4f4f2

    • SHA1

      448bc5bdf1f2d763aba2fbee233605f29ac14a40

    • SHA256

      e8ee8827402f5843e0b4f5ff6640f1efabbc90217904998f89b308379783bc49

    • SHA512

      2bc0e95a9e581544878fd7ae6b0f4552184846cac94a8c9e09e38c6a798029bb15b7338cbd97bcd3a6c92bd976c5369a7d1c9582f48c6608af1b525f2d123a57

    • SSDEEP

      12288:BxzD41eG9VpJqrHD6f2fD9hmzinJxFT5jFPHRTZkOWZkQ4JR:BK1eCpJqra2fD96izF5TZk9kQ4

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks