General

  • Target

    wdfr.exe

  • Size

    270KB

  • Sample

    200629-yx4h8zar2x

  • MD5

    3e5606ac4cfc7377397427ef830512ab

  • SHA1

    5b2a314125e3ce989cacde910153349bc0fd0a8b

  • SHA256

    fcfc89b5ad3b4e406664cdd8408f56fe8b0c9a9eeb50fc821f2e89a9785c9f3e

  • SHA512

    27c0daa41b45bf73bcb9dd688c23fba207f9c7252c864206438738966c7a6feb26727f4ea491095138915c8430fd8d55db704222e6f7e31c43faaa0be7303e2c

Malware Config

Targets

    • Target

      wdfr.exe

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote-control capabilities.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks