Overview

overview

10

Static

static

88b8af60d9...6a.exe

windows7-x64

10

88b8af60d9...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88b8af60d96c24bb9c8fbaffa9310c474592a528fe1322427e4e6f5ae2650e6a

  • Size

    332KB

  • Sample

    221011-s15szsccam

  • MD5

    66db2cab6f4000cc5788b70f37ffdc60

  • SHA1

    5d9f3d7f1fe5f3df177ddc2336ac650b4fd802d7

  • SHA256

    88b8af60d96c24bb9c8fbaffa9310c474592a528fe1322427e4e6f5ae2650e6a

  • SHA512

    a4bbae98011c5f20d428df079e1933ae9979b84d0d5f6f097e5a4ff385490ddd48e3a69154320f4b47c6e04320f2aba0eff4dc3e55a227cfdeca015a8f1fe1d3

  • SSDEEP

    3072:Y+gycKNB60ldIXlsFKMaDKxVnPa3MgmH7Hg3l8XjDXvoIZh49BB4gA4AbU8TngF2:Y+gzKauyP/3MaK3+MFW

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      88b8af60d96c24bb9c8fbaffa9310c474592a528fe1322427e4e6f5ae2650e6a

    • Size

      332KB

    • MD5

      66db2cab6f4000cc5788b70f37ffdc60

    • SHA1

      5d9f3d7f1fe5f3df177ddc2336ac650b4fd802d7

    • SHA256

      88b8af60d96c24bb9c8fbaffa9310c474592a528fe1322427e4e6f5ae2650e6a

    • SHA512

      a4bbae98011c5f20d428df079e1933ae9979b84d0d5f6f097e5a4ff385490ddd48e3a69154320f4b47c6e04320f2aba0eff4dc3e55a227cfdeca015a8f1fe1d3

    • SSDEEP

      3072:Y+gycKNB60ldIXlsFKMaDKxVnPa3MgmH7Hg3l8XjDXvoIZh49BB4gA4AbU8TngF2:Y+gzKauyP/3MaK3+MFW

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks