Overview

overview

10

Static

static

0b9bc968f0...dd.exe

windows7-x64

10

0b9bc968f0...dd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b9bc968f01e07876afd8c6c622adc2c9e4bc5cc7c7328bc6cfe65e5fa95f6dd

  • Size

    287KB

  • Sample

    221126-cn82wahd3z

  • MD5

    7d5b601c27302c65118eb6879a82387e

  • SHA1

    5c46f16bc17ef96d7ad9dc008097792c7e23ab8e

  • SHA256

    0b9bc968f01e07876afd8c6c622adc2c9e4bc5cc7c7328bc6cfe65e5fa95f6dd

  • SHA512

    1ac722e5b136293b5d4463328b3f58feb2acec13180ac2feee4aac4aa0c30475ef40681dc8ae165fd2107f25208c7126b1e67cd6f7da35b59a359b8f0f746165

  • SSDEEP

    6144:0+Wjuh1Z0Y3MZDixkEW/6gbbhz9WHoYQQUYKJWi7Bi4WAo:01u3MSkR/6CbhzgHTHpKIi7r7o

Score
10/10
netwirebotnetpersistenceratstealerupx

Malware Config

Targets

    • Target

      0b9bc968f01e07876afd8c6c622adc2c9e4bc5cc7c7328bc6cfe65e5fa95f6dd

    • Size

      287KB

    • MD5

      7d5b601c27302c65118eb6879a82387e

    • SHA1

      5c46f16bc17ef96d7ad9dc008097792c7e23ab8e

    • SHA256

      0b9bc968f01e07876afd8c6c622adc2c9e4bc5cc7c7328bc6cfe65e5fa95f6dd

    • SHA512

      1ac722e5b136293b5d4463328b3f58feb2acec13180ac2feee4aac4aa0c30475ef40681dc8ae165fd2107f25208c7126b1e67cd6f7da35b59a359b8f0f746165

    • SSDEEP

      6144:0+Wjuh1Z0Y3MZDixkEW/6gbbhz9WHoYQQUYKJWi7Bi4WAo:01u3MSkR/6CbhzgHTHpKIi7r7o

    Score
    10/10
    netwirebotnetpersistenceratstealerupx

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks