General

  • Target

    b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d

  • Size

    187KB

  • Sample

    221126-qp7r4aaf8s

  • MD5

    ad7bc59f118db2248df15b978dc7bdb2

  • SHA1

    e3a2d9607989b7df2986f885a606241f2c957dab

  • SHA256

    b1a39493d8d12f50b5bda4a3605ab3575a52cf8bf8d7af7c5e3985298247338d

  • SHA512

    12564d82a766818543b05653f9100e7a2ddcb1faf4aa49b716a792754f6534fb3469d85d9055cb5e876a5edadee16c3b86145b196984e98aec028feb6a2a18e1

  • SSDEEP

    3072:280LpCyI1k942N8n+N5JqFhgdHX5dadANxM0uT/Afz/w04hT8YI3DZn43YSnl00e:28ICyIOW2u+khOp4CM0UAL5Ao6I

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 4

  • System Information Discovery (T1082): 5

  • Peripheral Device Discovery (T1120): 1

Tasks