Overview

overview

10

Static

static

fd1ddff4e3...f6.exe

windows7-x64

10

fd1ddff4e3...f6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6

  • Size

    274KB

  • Sample

    221122-v7eaqafa5z

  • MD5

    954a40569d9840fd4d492d19cc3fa5a6

  • SHA1

    a3c6622bfbeef7023d5bbede041451e305124d02

  • SHA256

    fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6

  • SHA512

    e9a7b97647d10178a60a88c6310d49db2c10edab7ded53c63a8fe2f80d3af9be25b3525f58f2b808c84d73e8bbc8b3003953201456c107880be3bba695907d3c

  • SSDEEP

    6144:bwwik3MHZNEDy756uTayLhvIZp9QTwtlSBtNCD3WQlGb1Y724shg+agT:bbikc5jTCSdj3cgT

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6

    • Size

      274KB

    • MD5

      954a40569d9840fd4d492d19cc3fa5a6

    • SHA1

      a3c6622bfbeef7023d5bbede041451e305124d02

    • SHA256

      fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6

    • SHA512

      e9a7b97647d10178a60a88c6310d49db2c10edab7ded53c63a8fe2f80d3af9be25b3525f58f2b808c84d73e8bbc8b3003953201456c107880be3bba695907d3c

    • SSDEEP

      6144:bwwik3MHZNEDy756uTayLhvIZp9QTwtlSBtNCD3WQlGb1Y724shg+agT:bbikc5jTCSdj3cgT

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks