General

  • Target

    6a7865952c9e5c12f66a59623cea60294f4a65ec5c2ea158b1a5d040a1317ad7

  • Size

    350KB

  • Sample

    221127-xa2e4adh7y

  • MD5

    defca5a1c7ae269d91160f7c85d0711f

  • SHA1

    01946a5d635252b3ecc67c53bc2d1d62b7bf3186

  • SHA256

    6a7865952c9e5c12f66a59623cea60294f4a65ec5c2ea158b1a5d040a1317ad7

  • SHA512

    7ad39e31d506decd077f0550405332ba0a6e59b22ded5cd5a73c9adecabe19b112893b53e6fe7b52b4330ea5712f93976ca4d9540c2350942531c46843199d17

  • SSDEEP

    3072:HJY1OdlyeCeKEH7/LgCDAW3WQ0yhiGjsJ8wHuTJOp:LlvKEb/LgCpmROiL8wOl

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082): 1

Tasks