General

  • Target

    2269bc1d06260a0eabaf8927b13c2f2af46ddaeff896eb8e1d5d55c549ee2f45

  • Size

    136KB

  • Sample

    221011-x25a3abchm

  • MD5

    79ab9456804604d09f61971be7bca6e0

  • SHA1

    a248e55f44535af03155d39a3a4238b01f8c547f

  • SHA256

    2269bc1d06260a0eabaf8927b13c2f2af46ddaeff896eb8e1d5d55c549ee2f45

  • SHA512

    0e3eb6a9f5c4029e9969f4b5533159893b5d23456f4c921ec62950ba5a6eb99379714819b18dc5a36851bd744eda1fdd56f749e27b838bf7eac67479c237866a

  • SSDEEP

    3072:fDYGrNMoDe7BQA0bLVZ9xthsDgichP9eATG1pnrH:7YgFYBQNLVnxgDRcWA

Malware Config

Targets

    • Target

      2269bc1d06260a0eabaf8927b13c2f2af46ddaeff896eb8e1d5d55c549ee2f45

    • Size

      136KB

    • MD5

      79ab9456804604d09f61971be7bca6e0

    • SHA1

      a248e55f44535af03155d39a3a4238b01f8c547f

    • SHA256

      2269bc1d06260a0eabaf8927b13c2f2af46ddaeff896eb8e1d5d55c549ee2f45

    • SHA512

      0e3eb6a9f5c4029e9969f4b5533159893b5d23456f4c921ec62950ba5a6eb99379714819b18dc5a36851bd744eda1fdd56f749e27b838bf7eac67479c237866a

    • SSDEEP

      3072:fDYGrNMoDe7BQA0bLVZ9xthsDgichP9eATG1pnrH:7YgFYBQNLVnxgDRcWA

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Privilege Escalation

                      Tasks