Overview

overview

10

Static

static

8

92a4f8f515...94.exe

windows7-x64

10

92a4f8f515...94.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094

  • Size

    411KB

  • Sample

    221024-fzwgpseger

  • MD5

    21c579b4b2f5d7dc12ac93af214460e6

  • SHA1

    6a7744f745ecbe8004b2aead017dc50d2d0fea71

  • SHA256

    92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094

  • SHA512

    1450c32a8e43aff9603347e55da02c67a8bfda0249fd18dc1d93195ad81e1bca635273ae3391c4e29544c212335d949c4494b00a9d4311da4dbb7812b60354b7

  • SSDEEP

    6144:NVR1yKvclnBPohH3+Cg9UJUwiXf8ntCOtBopHNdHo8iwvzV6Lt4Wf15SziehTutZ:NVRk+/ZgaJUzXWopPFA4WffJQymuW4J

Score
10/10
netwirebotnetpersistenceratstealerupx

Malware Config

Targets

    • Target

      92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094

    • Size

      411KB

    • MD5

      21c579b4b2f5d7dc12ac93af214460e6

    • SHA1

      6a7744f745ecbe8004b2aead017dc50d2d0fea71

    • SHA256

      92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094

    • SHA512

      1450c32a8e43aff9603347e55da02c67a8bfda0249fd18dc1d93195ad81e1bca635273ae3391c4e29544c212335d949c4494b00a9d4311da4dbb7812b60354b7

    • SSDEEP

      6144:NVR1yKvclnBPohH3+Cg9UJUwiXf8ntCOtBopHNdHo8iwvzV6Lt4Wf15SziehTutZ:NVRk+/ZgaJUzXWopPFA4WffJQymuW4J

    Score
    10/10
    netwirebotnetpersistenceratstealerupx

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks