Overview

overview

10

Static

static

f9f90557fc...86.exe

windows7-x64

10

f9f90557fc...86.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8441119773.zip

  • Size

    272KB

  • Sample

    221124-acx45ahd3v

  • MD5

    d22c21dcd3d33fc59d297fa862d809e2

  • SHA1

    b92aa2c36eaa3f268669d4ce8779a9ee0a566934

  • SHA256

    6f1484a3d872eec135364a9a6835d9af6d16a5a72322128f06c191fea2a304c5

  • SHA512

    e15eb3f69c136c413149e920433ecae6fb545cae05311c4bfa496458b01541325fa235b9dc7d1d621cfe905200e76aef2ae74e6c9eab94c26adfa823c4383c68

  • SSDEEP

    6144:dCoq8utI87q+g1GNLn5TkBtOyvnp4nm+fLgtL3zAuDfB:dCeu282ITkBrC9Lgtjzj9

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      f9f90557fca9b219f73f55e987ba8d5ff40e623143a3a05c77287634a9708486

    • Size

      379KB

    • MD5

      6f1d5c57b3b415edc3767b079999dd50

    • SHA1

      4c93812daff305a4a9942613f0a9f2ee2120d187

    • SHA256

      f9f90557fca9b219f73f55e987ba8d5ff40e623143a3a05c77287634a9708486

    • SHA512

      67e03f909bb6ae0361c80e3c4921e86f38d67237f8da22fd83e3ee51dc70b7a9f6859f990810de2fd9dc5823f6771d0ef37cf231c6bf3af433863e203958c59c

    • SSDEEP

      6144:X6d30w6+NhJWgmRA5OzXlppA4ro/R+nXEUiwgk86mCdyEFN2:X6d16HA5OzxroAnXEjY86HlN

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks