General

  • Target

    9bda5844c143a240b783782f1f84cb43a300dd5e1bebfa5531cd13b462b9f371

  • Size

    152KB

  • Sample

    221128-e1ed5sed73

  • MD5

    66d623963844d8d6db2f897cbe07c936

  • SHA1

    195b128adb038e7f610ed1330799db2d8150a1a3

  • SHA256

    9bda5844c143a240b783782f1f84cb43a300dd5e1bebfa5531cd13b462b9f371

  • SHA512

    dbfe099e913e07f0028885b8b3a285cefdd9eab1bf156a5c6496958d47ecf4d9b7945fb060886f2a66ef5658ec9ded3309dffc61493947dd62e902ff1d302df3

  • SSDEEP

    3072:t/uD5UMdQXKnzVktvcTGdpW1VdXGZf6Zpv9thVHPsV:wD5zd0Kn+tvwuW1fXGZfwt9

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks