General

  • Target

    e10d4c8e97df9a2bce4ea3bc841646b1a15b579071c494acbcd604f0c09cfe7e

  • Size

    810KB

  • Sample

    221119-lnf6jaac7z

  • MD5

    fa559220925eea2742d7b00a74d51bb2

  • SHA1

    b3ce3b12cb42e539c6ed5a30c970829ade27927e

  • SHA256

    e10d4c8e97df9a2bce4ea3bc841646b1a15b579071c494acbcd604f0c09cfe7e

  • SHA512

    53d6659a379fd99cede23c692ed946a0f0584c89d3fd56b1d75b44ffc081aa663a23b76997104633884a1c69cc8f12a9b156f05d99b49951f9b727563a25d1ee

  • SSDEEP

    12288:7Afvcc87YJg6IdFy9TMrExB/o+++9ei2UQVKjTRgQnhzeFozePyKfH1aw:7/CeFcTMrExxHthnkOMH1a

Malware Config

Targets

    • Target

      e10d4c8e97df9a2bce4ea3bc841646b1a15b579071c494acbcd604f0c09cfe7e

    • Size

      810KB

    • MD5

      fa559220925eea2742d7b00a74d51bb2

    • SHA1

      b3ce3b12cb42e539c6ed5a30c970829ade27927e

    • SHA256

      e10d4c8e97df9a2bce4ea3bc841646b1a15b579071c494acbcd604f0c09cfe7e

    • SHA512

      53d6659a379fd99cede23c692ed946a0f0584c89d3fd56b1d75b44ffc081aa663a23b76997104633884a1c69cc8f12a9b156f05d99b49951f9b727563a25d1ee

    • SSDEEP

      12288:7Afvcc87YJg6IdFy9TMrExB/o+++9ei2UQVKjTRgQnhzeFozePyKfH1aw:7/CeFcTMrExxHthnkOMH1a

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks