General

  • Target

    00356e79e7a08ebf31b17e50182868d721e250858eb143e3b31e5c4d05e8a25b

  • Size

    950KB

  • Sample

    221127-r1bz8saa3v

  • MD5

    5e0194f52714555150f5a255b41c1f45

  • SHA1

    1da2e3af983e08dbeec3931c796cc6c22d7ab67f

  • SHA256

    00356e79e7a08ebf31b17e50182868d721e250858eb143e3b31e5c4d05e8a25b

  • SHA512

    e2d61183e260a093d36e2c4b4a1394197790ed4622bb4c87191fb9e1ab53e548d79e8845adf275ed7faa8d89bbcf1237e909c9de1365448adadbf927f6175585

  • SSDEEP

    24576:W4lavt0LkLL9IMixoEgeaqbQ9N/q9MmCS:hkwkn9IMHeaqbiaPCS

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012)

    1

  • System Information Discovery (T1082)

    2

Tasks