Overview

overview

10

Static

static

SV0092837728-2022.exe

windows7-x64

10

SV0092837728-2022.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SV0092837728-2022.7z

  • Size

    754KB

  • Sample

    221220-he9vpsca2s

  • MD5

    3ef273c2b199c433c4eb85121025ea40

  • SHA1

    1a17a981ad89fdc32efdac4bf473cd706dfc6a8c

  • SHA256

    a03a689655c87f015215389098a4b06ea66fc9a519c4ac70aaa8b3d01aee4cbd

  • SHA512

    a32df9d983086ba162ec69c169fdc7c054bf14ba2fce5a63afd7ae076288828150fc078fa1d3bf05ddc89df01f8fb9720d49e6f7c7f76f4f5d8d508c49d868cb

  • SSDEEP

    12288:0KwRvcwthRGOdMKUXqGTls1k4bH6YWLpwyZaM9+Un222mJo9nEUlAaPH2juz5feY:lwREwzwyWvlskmKLdZ15222Fv2jE52Y

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

podzeye2.duckdns.org:4433

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      SV0092837728-2022.exe

    • Size

      869KB

    • MD5

      e38953a7f1d52241b24754417c93bc30

    • SHA1

      963dacab1dab109ca641fcede8dfd0f664535c19

    • SHA256

      5de69c92fae7533c1138668cc12a7265cab882ba72c189b895731ec8269d6512

    • SHA512

      36ba8ef37bf0898d1c3619a7b829f2629b3933aff0f933d6608d4120dd51e25bf73e2702c6592a8630ebd77890d715b6479f61e8bef5fd0a7105aea37ecea62d

    • SSDEEP

      12288:9wlQKmomPZefUtvnQxdMjUDR7FlN1k4QB6YullyyO5M9+UnaoPtqvyuH/:XomxiUtQPb/lTkHSlbOa5aoQFf

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks