Overview

overview

10

Static

static

77c4fe1378...27.exe

windows7-x64

10

77c4fe1378...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77c4fe1378a2357f98acdac2bb027ad1cd24cfd17e4b9a669be256fa0ff93a27

  • Size

    267KB

  • Sample

    221128-gvxdwafd9t

  • MD5

    994f1483002da7a477deced313d479c4

  • SHA1

    f80961a22a97fa8f4c26496b750d8b75e00cc554

  • SHA256

    77c4fe1378a2357f98acdac2bb027ad1cd24cfd17e4b9a669be256fa0ff93a27

  • SHA512

    8e9e30e6ffd3a8cc106c6e4f5c80056cf569e8bd4f15a0adbcefd81cf27f23ad4e6b969053b43ec336f1bd7067c6b94d771a9fcab5035c68a22529966c993ab3

  • SSDEEP

    6144:8lCJckrv/5dKMk8J+/onvXC953fDs1p1GYeOBS0esJaq47z:84JbXrXPS954BDBS0eMadz

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      77c4fe1378a2357f98acdac2bb027ad1cd24cfd17e4b9a669be256fa0ff93a27

    • Size

      267KB

    • MD5

      994f1483002da7a477deced313d479c4

    • SHA1

      f80961a22a97fa8f4c26496b750d8b75e00cc554

    • SHA256

      77c4fe1378a2357f98acdac2bb027ad1cd24cfd17e4b9a669be256fa0ff93a27

    • SHA512

      8e9e30e6ffd3a8cc106c6e4f5c80056cf569e8bd4f15a0adbcefd81cf27f23ad4e6b969053b43ec336f1bd7067c6b94d771a9fcab5035c68a22529966c993ab3

    • SSDEEP

      6144:8lCJckrv/5dKMk8J+/onvXC953fDs1p1GYeOBS0esJaq47z:84JbXrXPS954BDBS0eMadz

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks