Overview

overview

10

Static

static

5

COVID-19 TIPS.exe

windows7-x64

10

COVID-19 TIPS.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1325429459053bd643c4f98753ee19d7_JaffaCakes118

  • Size

    682KB

  • Sample

    240504-rx1jesge9w

  • MD5

    1325429459053bd643c4f98753ee19d7

  • SHA1

    b65b553b4e8427a52666f0d70f73b032fa58c3d3

  • SHA256

    cc2c9b6a03c60515e48c738fdc2f6f8bb1c3a09a8997168f01d813f48a57925a

  • SHA512

    de10b8398660594ceaf488e3e0c48b7bb2aee7eedf5d316c3d0f93c14af4b7d95b2a9bcc3f62864eb54ef3036a47cde3343900b436646f23528aab921e7f981a

  • SSDEEP

    12288:AFLscrKdB/GO+c/yR+VD0Q3RGySgpQB9PIaCZ7k6KvFiACV8A:avrwJ+cfV0Q3RGy5wdIaJ6vtb

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

ihracat.myq-see.com:5770

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    2020-Clienst

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

    hsFkbJUl

  • offline_keylogger

    true

  • password

    backdooR1

  • registry_autorun

    false

  • use_mutex

    true

Targets

    • Target

      COVID-19 TIPS.exe

    • Size

      1.2MB

    • MD5

      4270322408c1ccbc3f20511f12f9fefe

    • SHA1

      326a3640501c786d1293a162e3b80c9472353d19

    • SHA256

      c9fa7ba9ae9c20373f723ae4cdfacb18053c42d38fa31dc1fb52cfffa2e9297a

    • SHA512

      61b6b7885c325706f896d4e85ac18abdeeed9a3baa680057883e760992da3ced98e0a5c1f3dc382c8832687aa02030a2b1e1c8b48560178c498b5df678190e92

    • SSDEEP

      24576:ltb20pkaCqT5TBWgNQ7arr9ekXqitTlpb6A:WVg5tQ7aVekbTj5

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks