General

  • Target

    13cea6d656bcb5b411cb752db32350c51ce1e6794b75de96bdb20efe6ea4ceb0

  • Size

    175KB

  • Sample

    221127-191jmagg21

  • MD5

    6aa0e97bec377f4c535c4173f6c256a7

  • SHA1

    d6c4a2d49f3dbfe80a273da580b076a510a88c18

  • SHA256

    13cea6d656bcb5b411cb752db32350c51ce1e6794b75de96bdb20efe6ea4ceb0

  • SHA512

    ff024f1848816aa385986e6abb8040f329a9d6ceafb28db3d7ffe40e3509a82a3239c84df1c0173ac4eedc61f434da4654db60e7db3b4f714fdb3cec2722fac2

  • SSDEEP

    3072:P4sye0QXZRRDmlglKsXZ19qkGDfpzfhCLGVPUuycMB:wsy7AFygweZ7v6fdhQGhU19

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 2

Defense Evasion

  • Modify Registry (T1112): 3

  • Install Root Certificate (T1130): 1

Tasks