General

  • Target

    ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b

  • Size

    160KB

  • Sample

    221123-xabvfaed26

  • MD5

    5816d94bf51f3d6b6d8fa68809a05a57

  • SHA1

    2f90c3c153bedd60af34e9748ddce2a67fe103e6

  • SHA256

    ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b

  • SHA512

    c6b0053037aaf062b5b862bea2b1a1f8d9eb9583ebf77727f7e9c7c821bd194db9adb21012186f5c46cb399bce10d23a7b53f866f51d2fe1c706ddbd02bdcd70

  • SSDEEP

    3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvRdYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/fzQqqDvFf

Malware Config

Extracted

Family

netwire

C2

alice2019.myftp.biz:3360

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    Fs_Spread_0001

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b

    Score
    10/10
    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
