General

  • Target

    fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc

  • Size

    388KB

  • Sample

    230129-y7vjgsca96

  • MD5

    34654a94e660d58f0b6945fef2cee186

  • SHA1

    9abfb37c42453dd08715febf84ab3a31aae13cb3

  • SHA256

    fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc

  • SHA512

    d05b57d32c48b188bb994bb83c331743477de7f62339ebd1a912c530351f1c7acf94c4865e6bd4102439d9adb72dad71cab42d32e7f7af035064fbc4b23259f9

  • SSDEEP

    6144:ibMyg1qD4LM0Pg/MPd/3LtrRPNUpB+kn8/2///0DdWSPB6VKYGzzz03iU8dnH:IYLkEF/35nt7D4SPB6V3GzJnH

Malware Config

Extracted

Family

netwire

C2

porshe.camdvr.org:1603

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging; it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks