Overview

overview

10

Static

static

SIM Swap P...cx.exe

windows7_x64

10

SIM Swap P...cx.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SIM Swap Partner's Staff.docx.exe

  • Size

    649KB

  • Sample

    200712-xhsm9zr2cn

  • MD5

    421fea142d75f349e7ab849bcbb7eb51

  • SHA1

    ffca7676c442ad30521abacae9f177b924e533d9

  • SHA256

    f0d83e1cb17751183ffa5fd073d26287a8b6e003aeaccf75523824acc117beab

  • SHA512

    199b9165f36748bdc2ef188384dfa696c20f50f89266186361419049652a518d7d29ab49763e98a0bbd76ad0ffafd93da4d2eda2a573cb1f958c3f71420a5799

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      SIM Swap Partner's Staff.docx.exe

    • Size

      649KB

    • MD5

      421fea142d75f349e7ab849bcbb7eb51

    • SHA1

      ffca7676c442ad30521abacae9f177b924e533d9

    • SHA256

      f0d83e1cb17751183ffa5fd073d26287a8b6e003aeaccf75523824acc117beab

    • SHA512

      199b9165f36748bdc2ef188384dfa696c20f50f89266186361419049652a518d7d29ab49763e98a0bbd76ad0ffafd93da4d2eda2a573cb1f958c3f71420a5799

    Score
    10/10
    ratpersistencebotnetstealernetwire

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Adds Run entry to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks