Overview

overview

10

Static

static

baf168f95f...3d.exe

windows7-x64

10

baf168f95f...3d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    baf168f95f37380c22bc1e385e73fdae7ac384381a0586084dbf94d8f639063d

  • Size

    160KB

  • Sample

    221128-v2m1nscd25

  • MD5

    353e2f067d91a418c1e33a0c6fc438ab

  • SHA1

    1fafad6f29fe51416f05f2644742d10ebfae86e2

  • SHA256

    baf168f95f37380c22bc1e385e73fdae7ac384381a0586084dbf94d8f639063d

  • SHA512

    4895ac68a8bbdb699b11f5bfa771a65d651d36e1b03813af0747660187fd10964bd44df5db0a663f344270b20c9c046525222f80195c99b79f591da2058ed337

  • SSDEEP

    3072:HQl1XQB8Dl2v90PgQLVBpPXGVc8R3dB88BoyRs9oFTecls6QmSTq2JpEu:w1XQB8xVXGVc87tZMcls6QmS9k

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      baf168f95f37380c22bc1e385e73fdae7ac384381a0586084dbf94d8f639063d

    • Size

      160KB

    • MD5

      353e2f067d91a418c1e33a0c6fc438ab

    • SHA1

      1fafad6f29fe51416f05f2644742d10ebfae86e2

    • SHA256

      baf168f95f37380c22bc1e385e73fdae7ac384381a0586084dbf94d8f639063d

    • SHA512

      4895ac68a8bbdb699b11f5bfa771a65d651d36e1b03813af0747660187fd10964bd44df5db0a663f344270b20c9c046525222f80195c99b79f591da2058ed337

    • SSDEEP

      3072:HQl1XQB8Dl2v90PgQLVBpPXGVc8R3dB88BoyRs9oFTecls6QmSTq2JpEu:w1XQB8xVXGVc87tZMcls6QmS9k

    Score
    10/10
    netwirebotnetratstealerpersistence

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks