Overview

overview

10

Static

static

9c46fdf782...d8.exe

windows7-x64

10

9c46fdf782...d8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c46fdf7827bce482555180c932d47d8.exe

  • Size

    584KB

  • Sample

    221025-t7m27adcbl

  • MD5

    9c46fdf7827bce482555180c932d47d8

  • SHA1

    1ae60690cc27ec74be8f4334e0e9fbfd05fdffa0

  • SHA256

    637e17723ea88878915ba42095680ee5438c22a88a4538137b3174dd4e2e8c6a

  • SHA512

    36e6295ebe04db32830646b301c4aff10e1b3365dfe10d8801b15af2a0237c3a16e6b77528ff13fe3f0d0929e20b573bc4466d5d06c441862bd6c72cdb5652c1

  • SSDEEP

    12288:zNZwI+hBtAnzo+YSSwiG5LgpRwMX6HhJ6qnepnU55dTOdQ:zADhBmzovSSm5CK7hekdTOdQ

Score
10/10
netwirebotnetcollectionratspywarestealer

Malware Config

Targets

    • Target

      9c46fdf7827bce482555180c932d47d8.exe

    • Size

      584KB

    • MD5

      9c46fdf7827bce482555180c932d47d8

    • SHA1

      1ae60690cc27ec74be8f4334e0e9fbfd05fdffa0

    • SHA256

      637e17723ea88878915ba42095680ee5438c22a88a4538137b3174dd4e2e8c6a

    • SHA512

      36e6295ebe04db32830646b301c4aff10e1b3365dfe10d8801b15af2a0237c3a16e6b77528ff13fe3f0d0929e20b573bc4466d5d06c441862bd6c72cdb5652c1

    • SSDEEP

      12288:zNZwI+hBtAnzo+YSSwiG5LgpRwMX6HhJ6qnepnU55dTOdQ:zADhBmzovSSm5CK7hekdTOdQ

    Score
    10/10
    netwirebotnetcollectionratspywarestealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks