General

  • Target

    98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b

  • Size

    240KB

  • Sample

    221130-pxfsxaea81

  • MD5

    71d19d67285a6b763c4f83b8ce259038

  • SHA1

    de1bc1b15afbf71e0788a1bfe691293e8b29a1ae

  • SHA256

    98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b

  • SHA512

    3dbc0a48057cce4f67395636ce10b494a51717045e70d8951044c49693dc097094fad9ef2deddc6b95b7262f6d1ad0e9d09185099ca92ec528113541455b3ceb

  • SSDEEP

    6144:ubtgFYBiXBvx84t8f6bG06fGSOLhY6A+EugurFtb:BOBiXBpxt8SZ6OY6IugurF9

Malware Config

Extracted

Family

netwire

C2

lamba.mywire.org:1604

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false
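
The extracted config above is the part of this report that turns directly into detection: the C2 is a hostname plus a port, and every persistence attribute is switched off, so the network side is the more durable indicator. The following Python is an added example, not part of the sandbox report or of any NetWire analysis code, that turns the config into a Suricata DNS rule and then correlates DNS answers for the C2 hostname with later TCP connections in Zeek-style JSON logs. The log lines are constructed for the demo, and the rule SID, the Zeek field names and the Suricata 5+ `dns.query` buffer syntax are assumptions. Because the config carries a hostname rather than an address, the pivot is the DNS answer observed before each connection, not a fixed IP.

```python
"""Hunting indicators from a NetWire config extract.

Added example, not part of the sandbox report. The config values are copied
from the report; the log lines are constructed for the demo.
"""
import json

# Transcribed from the report's "Malware Config" section.
NETWIRE_CONFIG = {
    "family": "netwire",
    "c2": ["lamba.mywire.org:1604"],
}

# Constructed Zeek-style dns.log / conn.log JSON lines (not from the report).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_DNS_LOG = [
    '{"ts": 1669800001.1, "id.orig_h": "10.0.0.5", "query": "lamba.mywire.org", "answers": ["203.0.113.10"]}',
    '{"ts": 1669800002.2, "id.orig_h": "10.0.0.7", "query": "example.com", "answers": ["198.51.100.20"]}',
    '{"ts": 1669800003.3, "id.orig_h": "10.0.0.9", "query": "LAMBA.MYWIRE.ORG.", "answers": ["203.0.113.11"]}',
]
SAMPLE_CONN_LOG = [
    '{"ts": 1669800001.5, "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10", "id.resp_p": 1604, "proto": "tcp"}',
    '{"ts": 1669800002.5, "id.orig_h": "10.0.0.7", "id.resp_h": "198.51.100.20", "id.resp_p": 443, "proto": "tcp"}',
    '{"ts": 1669800003.5, "id.orig_h": "10.0.0.9", "id.resp_h": "203.0.113.11", "id.resp_p": 8080, "proto": "tcp"}',
]


def parse_c2(entry):
    """Split a 'host:port' config entry into (lowercased host, int port)."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host.lower(), int(port)


def suricata_rules(config, sid_base=9000001):
    """One DNS-query alert per C2 hostname (SID base is an assumption)."""
    rules = []
    for i, entry in enumerate(config["c2"]):
        host, _port = parse_c2(entry)
        rules.append(
            f'alert dns any any -> any any (msg:"{config["family"]} C2 DNS query {host}"; '
            f'dns.query; content:"{host}"; nocase; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def hunt(dns_lines, conn_lines, config):
    """Correlate DNS answers for the C2 hostname with later connections.

    Events are replayed in timestamp order so only resolutions seen before a
    connection count. Returns (orig_h, resp_h, resp_p, confidence) tuples:
    'high' when the port matches the config, 'medium' for any other port to
    an address the C2 hostname resolved to.
    """
    c2 = dict(parse_c2(e) for e in config["c2"])  # host -> configured port
    events = sorted(
        [("dns", json.loads(l)) for l in dns_lines]
        + [("conn", json.loads(l)) for l in conn_lines],
        key=lambda e: e[1]["ts"],
    )
    resolved = {}  # answer IP -> C2 hostname it was returned for
    findings = []
    for kind, rec in events:
        if kind == "dns":
            query = rec.get("query", "").lower().rstrip(".")
            if query in c2:
                for ip in rec.get("answers", []):
                    resolved[ip] = query
        else:
            host = resolved.get(rec.get("id.resp_h"))
            if host is None:
                continue
            port = rec.get("id.resp_p")
            confidence = "high" if port == c2[host] else "medium"
            findings.append((rec["id.orig_h"], rec["id.resp_h"], port, confidence))
    return findings


if __name__ == "__main__":
    for rule in suricata_rules(NETWIRE_CONFIG):
        print(rule)
    for finding in hunt(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG, NETWIRE_CONFIG):
        print(finding)
```

The 'medium' tier is deliberate: NetWire operators can change the listening port without touching the hostname, so a connection to an address the C2 name just resolved to is worth a look even on a different port.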

Targets

    • Target

      98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b

    • Size

      240KB

    • MD5

      71d19d67285a6b763c4f83b8ce259038

    • SHA1

      de1bc1b15afbf71e0788a1bfe691293e8b29a1ae

    • SHA256

      98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b

    • SHA512

      3dbc0a48057cce4f67395636ce10b494a51717045e70d8951044c49693dc097094fad9ef2deddc6b95b7262f6d1ad0e9d09185099ca92ec528113541455b3ceb

    • SSDEEP

      6144:ubtgFYBiXBvx84t8f6bG06fGSOLhY6A+EugurFtb:BOBiXBpxt8SZ6OY6IugurF9

    • NetWire RAT payload

    • Netwire

      NetWire is a RAT whose main functionality is password stealing and keylogging; it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks