General

  • Target

    1d5bd2883deb901304374c94c53111c651b84a93b42dfebe7130fbfe8fe659c4

  • Size

    204KB

  • Sample

    221123-r7pvnsde9w

  • MD5

    205848af8f42bb58eb75691d63914680

  • SHA1

    03a9291302adb5547770ad9fd9c154bcee0b4cf6

  • SHA256

    1d5bd2883deb901304374c94c53111c651b84a93b42dfebe7130fbfe8fe659c4

  • SHA512

    3ccac74913e87b9c532cb9fc47bb7d87b263c1d1fc5195e8931c871d46981aeb03cc21b17bad9e9d7c225c28dcaaa57aebe6895bca6003b01c7bab1a6f764d83

  • SSDEEP

    3072:MeirItZs7DbxRmBIrqfD+jKzbIXEoKxXFBbhkBJlOqvLu2d71KBscrvjVe:MeiEoDtWLmEBbKB/OkSc/07E

Targets

    • Target

      1d5bd2883deb901304374c94c53111c651b84a93b42dfebe7130fbfe8fe659c4

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging; it also includes remote-control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

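The behaviour signatures listed above (dropped EXE executed, locale lookup in the registry, dropped DLL loaded, Run-key persistence, cross-process SetThreadContext) can be reproduced from a raw behaviour trace. The following is an added example, not code from the report or from Triage, and it uses a simplified event schema of my own rather than Triage's report format; the event list is constructed for illustration and is not data from this sample. The registry path HKCU\Control Panel\International\Geo\Nation is the standard Windows location for the configured country, but the report does not say which key this sample reads, so treating that key as the indicator is an assumption.

```python
import re
from collections import defaultdict

# Constructed sandbox-style behaviour trace (my own schema, not Triage's).
# Paths, PIDs and names are made up for illustration.
EVENTS = [
    {"type": "file_write", "pid": 1001,
     "path": r"C:\Users\user\AppData\Local\Temp\svchst.exe"},
    {"type": "process_create", "pid": 1001, "child_pid": 1002,
     "image": r"C:\Users\user\AppData\Local\Temp\svchst.exe"},
    # Assumed geofence check: standard key holding the configured country.
    {"type": "registry_query", "pid": 1002,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1002,
     "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1002,
     "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "registry_set", "pid": 1002,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\user\AppData\Local\Temp\svchst.exe"},
    # Child created suspended, then its thread context is rewritten from
    # outside: the classic process-hollowing / injection pattern.
    {"type": "process_create", "pid": 1002, "child_pid": 1003,
     "image": r"C:\Windows\System32\notepad.exe", "suspended": True},
    {"type": "api_call", "pid": 1002, "api": "SetThreadContext", "target_pid": 1003},
]

# Run and RunOnce keys under any hive (HKCU/HKLM, Wow6432Node, etc.).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locale / region settings, where the configured country code lives.
LOCALE_KEY_RE = re.compile(r"\\Control Panel\\International\\", re.IGNORECASE)


def classify(events):
    """Map a behaviour trace to the signature names used in the report.

    Returns {signature_name: [evidence, ...]} containing only signatures
    that actually fired. 'Dropped' means written by a traced process
    earlier in the same trace.
    """
    findings = defaultdict(list)
    dropped = set()      # lower-cased paths written during the trace
    suspended = set()    # PIDs of children created in a suspended state

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                findings["Executes dropped EXE"].append(ev["image"])
            if ev.get("suspended"):
                suspended.add(ev["child_pid"])
        elif kind == "image_load":
            if ev["path"].lower() in dropped:
                findings["Loads dropped DLL"].append(ev["path"])
        elif kind == "registry_query":
            if LOCALE_KEY_RE.search(ev["key"]):
                findings["Checks computer location settings"].append(ev["key"])
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev["key"]):
                findings["Adds Run key to start application"].append(
                    f'{ev["key"]} = {ev["value"]}')
        elif kind == "api_call" and ev["api"] == "SetThreadContext":
            # Setting the context of a thread in another process is the
            # suspicious case; a process adjusting its own threads is not.
            target = ev.get("target_pid")
            if target is not None and target != ev["pid"]:
                note = "cross-process"
                if target in suspended:
                    note += ", target created suspended"
                findings["Suspicious use of SetThreadContext"].append(
                    f"pid {ev['pid']} -> pid {target} ({note})")
    return dict(findings)


if __name__ == "__main__":
    for name, evidence in classify(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "dropped" tracking is what separates "Executes dropped EXE" from an ordinary process launch: the rule fires only when the executed or loaded file was written earlier in the same trace, so a legitimate installer launching a signed binary already on disk does not match. The SetThreadContext rule likewise ignores same-process calls (debuggers and some runtimes use those) and only annotates the suspended-child case, which is the pattern that usually precedes section unmapping and image replacement.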