General

  • Target

    250514-bmdznstvas.bin

  • Size

    273KB

  • Sample

    250514-bz42matvh1

  • MD5

    85e414fdd2e447e03d4f3c724d1b29b8

  • SHA1

    db980ed136f642dc1d8e9b3926eeb6bff805616d

  • SHA256

    954f5e5d737d2af5ee509c5661dbb95819261eb90d7131f1fde9c3c798bb5d5d

  • SHA512

    bd910673ab6e22e6299df98385ef658f88ac18fd9c9582ed87f5d0ba1fa1e65201ec973ef0a9d933f2ceb7fbd9a2eb56b9a83f909b1f0d54f167b564fce132a7

  • SSDEEP

    6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8Xck8B:elnot4+UwLDiT6OzR8llAgqbB

Malware Config

Targets

    • Target

      250514-bmdznstvas.bin

    • Size

      273KB

    • MD5

      85e414fdd2e447e03d4f3c724d1b29b8

    • SHA1

      db980ed136f642dc1d8e9b3926eeb6bff805616d

    • SHA256

      954f5e5d737d2af5ee509c5661dbb95819261eb90d7131f1fde9c3c798bb5d5d

    • SHA512

      bd910673ab6e22e6299df98385ef658f88ac18fd9c9582ed87f5d0ba1fa1e65201ec973ef0a9d933f2ceb7fbd9a2eb56b9a83f909b1f0d54f167b564fce132a7

    • SSDEEP

      6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8Xck8B:elnot4+UwLDiT6OzR8llAgqbB

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    • Netwire family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks