Overview

overview

10

Static

static

5b30c4dafd...d8.exe

windows7-x64

10

5b30c4dafd...d8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b30c4dafd1eec3dda306ba50cbe3eea2776d1851417602f51c94308ca0c06d8

  • Size

    288KB

  • Sample

    221128-xpl9qahd83

  • MD5

    b64e104e4311c786de0455bf83677263

  • SHA1

    7782ea628b522c987be35eaf0a65151304260f3e

  • SHA256

    5b30c4dafd1eec3dda306ba50cbe3eea2776d1851417602f51c94308ca0c06d8

  • SHA512

    2bb1cb4ff4127ea1dc4739e7ea8e52049a1659ceb94638d98f87a9804b47f50a403ff5a641549cac7a4a5eea895f1e14d77d2161e37deae16e0e0380e8e29657

  • SSDEEP

    6144:8akMy0hZLDtnu+B1GeKwrF+zX+8PSj8EqLLKfKYEp:88VhZoLe7MzRSI/Kf

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      5b30c4dafd1eec3dda306ba50cbe3eea2776d1851417602f51c94308ca0c06d8

    • Size

      288KB

    • MD5

      b64e104e4311c786de0455bf83677263

    • SHA1

      7782ea628b522c987be35eaf0a65151304260f3e

    • SHA256

      5b30c4dafd1eec3dda306ba50cbe3eea2776d1851417602f51c94308ca0c06d8

    • SHA512

      2bb1cb4ff4127ea1dc4739e7ea8e52049a1659ceb94638d98f87a9804b47f50a403ff5a641549cac7a4a5eea895f1e14d77d2161e37deae16e0e0380e8e29657

    • SSDEEP

      6144:8akMy0hZLDtnu+B1GeKwrF+zX+8PSj8EqLLKfKYEp:88VhZoLe7MzRSI/Kf

    Score
    10/10
    netwirebotnetratstealerpersistence

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks