General

  • Target

    723e38f58e65b8b7d46131511173e561.exe

  • Size

    680KB

  • Sample

    200630-cf89mf1haj

  • MD5

    723e38f58e65b8b7d46131511173e561

  • SHA1

    517710e731f08d0301c3f132d79793f3587a7452

  • SHA256

    7b9a1aa88be62eb638af26146fce0a1b71aec646d2495fb350dd6d56997e7582

  • SHA512

    d84a7dc0639219137c4afd5ec37a0143bd643ebbec188ab50e18965f63e4c2b73b0646c209cdf4052faf67b7a751019b45bb906d0cf58031094c36e5ff5f4b0f

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging; it also includes remote control capabilities.

    • Executes dropped EXE

    • Adds Run entry to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Command and Control

    Web Service (T1102): 1

Tasks