General

  • Target

    7b527aa6b088479c8ae3d69ce13f374f_JaffaCakes118

  • Size

    237KB

  • Sample

    240528-cghaksbh57

  • MD5

    7b527aa6b088479c8ae3d69ce13f374f

  • SHA1

    a668c9895849396d44f37d65d3295d1bd33d27b5

  • SHA256

    9ccc6b26315468a08a3822ff6d180d5525bbd3c80b91a0e31502e256876d033f

  • SHA512

    565f41f827ebffbd8eaa3ceb03a5ee6e83d56a4e1e211502f18e3eb35ba7d84e928823500227e04ac409691b282b2fe3759a52f50735226b2c3753afeac0c40f

  • SSDEEP

    6144:j1onDQ94fjMci/K62iofEHUMEY0+h2teAfH:BoDQ9AME62iofEHf2fnP

Malware Config

Extracted

Family

netwire

C2

88.150.227.73:1945

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HAVANA-%Rand%

  • keylogger_dir

    %AppData%\Havana\

  • lock_executable

    false

  • mutex

    poTGpHhl

  • offline_keylogger

    true

  • password

    WeWillFuckTheWorld078

  • registry_autorun

    false

  • use_mutex

    true
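The extracted configuration above is the part of this report worth turning into hunt logic: the C2 socket, the mutex, the keylogger directory and the host_id template are all host- or network-observable. The script below is an added example, not part of the sandbox report or of NetWire itself. It copies the config values verbatim, derives a check from each, and runs them over a handful of constructed Sysmon-style records (also not from the report). Two things are assumptions: that the %Rand% placeholder in host_id is filled with an alphanumeric token of unspecified length, and that %AppData% expands to the usual per-user Roaming directory. Note also that registry_autorun, activex_autorun and copy_executable are all false in this build, so the config on its own gives no reason to hunt Run keys or copied binaries; the example exposes that as a function rather than silently assuming persistence.

```python
"""Derive hunt checks from the NetWire config extracted in this report and run
them over constructed telemetry.  Added example; not code from the report."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Values copied verbatim from the "Malware Config" section of this report.
NETWIRE_CONFIG = {
    "c2": "88.150.227.73:1945",
    "host_id": "HAVANA-%Rand%",
    "keylogger_dir": "%AppData%\\Havana\\",
    "mutex": "poTGpHhl",
    "use_mutex": True,
    "offline_keylogger": True,
    "registry_autorun": False,
    "activex_autorun": False,
    "copy_executable": False,
}


def c2_endpoint(cfg: Dict) -> Tuple[str, int]:
    """Split 'ip:port' and validate both halves so a malformed extraction
    fails loudly instead of producing a check that never fires."""
    host, _, port = cfg["c2"].rpartition(":")
    ip = ipaddress.ip_address(host)          # ValueError if not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port {port!r}")
    return str(ip), port_num


def host_id_regex(template: str) -> re.Pattern:
    """Assumption: %Rand% becomes one or more alphanumerics at run time;
    everything else in the template is literal."""
    parts = template.split("%Rand%")
    return re.compile("^" + "[A-Za-z0-9]+".join(re.escape(p) for p in parts) + "$")


def keylogger_dir_regex(template: str) -> re.Pattern:
    """Assumption: %AppData% expands to <drive>:\\Users\\<user>\\AppData\\Roaming.
    Any user profile is accepted; matching is case-insensitive like NTFS."""
    tail = template.replace("%AppData%", "")
    comps = [re.escape(c) for c in tail.strip("\\/").split("\\") if c]
    tail_re = r"[\\/]" + r"[\\/]".join(comps) + r"[\\/]"
    return re.compile(r"^[A-Za-z]:[\\/]Users[\\/][^\\/]+[\\/]AppData[\\/]Roaming"
                      + tail_re, re.IGNORECASE)


def expected_persistence(cfg: Dict) -> List[str]:
    """Persistence mechanisms this build is configured to use (none here)."""
    flags = ("registry_autorun", "activex_autorun", "copy_executable")
    return [f for f in flags if cfg[f]]


def match_events(cfg: Dict, events: List[Dict]) -> List[Tuple[int, str]]:
    """Return (event_index, indicator) pairs.  Event schema is constructed:
    'network' (dst_ip, dst_port), 'file' (path), 'mutex' (name)."""
    ip, port = c2_endpoint(cfg)
    kdir = keylogger_dir_regex(cfg["keylogger_dir"])
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "network" and ev["dst_ip"] == ip:
            # ip+port is the configured C2; ip alone is weaker (shared hosting, reuse)
            hits.append((i, "c2_ip_port" if ev["dst_port"] == port else "c2_ip_only"))
        elif ev["type"] == "file" and kdir.match(ev["path"]):
            hits.append((i, "keylogger_dir"))
        elif ev["type"] == "mutex" and cfg["use_mutex"] and ev["name"] == cfg["mutex"]:
            hits.append((i, "mutex"))
    return hits


# Constructed telemetry, not taken from the report.
SAMPLE_EVENTS = [
    {"type": "network", "dst_ip": "88.150.227.73", "dst_port": 1945,
     "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe"},
    {"type": "network", "dst_ip": "88.150.227.73", "dst_port": 443,
     "image": "C:\\Program Files\\Browser\\browser.exe"},
    {"type": "file", "path": "C:\\Users\\bob\\AppData\\Roaming\\Havana\\keylog.dat"},
    {"type": "file", "path": "C:\\Program Files\\Havana\\readme.txt"},
    {"type": "mutex", "name": "poTGpHhl"},
    {"type": "mutex", "name": "Global\\OtherApp"},
]

if __name__ == "__main__":
    print("C2:", c2_endpoint(NETWIRE_CONFIG))
    print("host_id pattern:", host_id_regex(NETWIRE_CONFIG["host_id"]).pattern)
    print("persistence configured:", expected_persistence(NETWIRE_CONFIG) or "none")
    for idx, ind in match_events(NETWIRE_CONFIG, SAMPLE_EVENTS):
        print(f"hit event {idx}: {ind} -> {SAMPLE_EVENTS[idx]}")
```

The hash of the main payload plus these config-derived checks are the indicators worth pushing from this report. The NSIS plugin DLLs listed under Targets ($PLUGINSDIR/InstallOptions.dll, System.dll, nsExec.dll) carry stock NSIS plugin names and are scored 3/10 by the sandbox, so their hashes are deliberately left out of the indicator set; blocklisting them would hit ordinary installers.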

Targets

    • Target

      7b527aa6b088479c8ae3d69ce13f374f_JaffaCakes118

    • Size

      237KB

    • MD5

      7b527aa6b088479c8ae3d69ce13f374f

    • SHA1

      a668c9895849396d44f37d65d3295d1bd33d27b5

    • SHA256

      9ccc6b26315468a08a3822ff6d180d5525bbd3c80b91a0e31502e256876d033f

    • SHA512

      565f41f827ebffbd8eaa3ceb03a5ee6e83d56a4e1e211502f18e3eb35ba7d84e928823500227e04ac409691b282b2fe3759a52f50735226b2c3753afeac0c40f

    • SSDEEP

      6144:j1onDQ94fjMci/K62iofEHUMEY0+h2teAfH:BoDQ9AME62iofEHf2fnP

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is password stealing and keylogging; it also includes remote-control capabilities.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      3e277798b9d8f48806fbb5ebfd4990db

    • SHA1

      d1ab343c5792bc99599ec7acba506e8ba7e05969

    • SHA256

      fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

    • SHA512

      84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

    • SSDEEP

      192:d4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjsK72dwF7dBOne:Wn3T5KdHCMRD/R1cOnrjs+BO

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3f176d1ee13b0d7d6bd92e1c7a0b9bae

    • SHA1

      fe582246792774c2c9dd15639ffa0aca90d6fd0b

    • SHA256

      fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

    • SHA512

      0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

    • SSDEEP

      192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      b5a1f9dc73e2944a388a61411bdd8c70

    • SHA1

      dc9b20df3f3810c2e81a0c54dea385704ba8bef7

    • SHA256

      288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884

    • SHA512

      b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8

    • SSDEEP

      96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH

    • Score

      3/10

    • Target

      uninstall.exe

    • Size

      58KB

    • MD5

      a53a912fab731bed752d8421d7de4dd2

    • SHA1

      90289c2fa0c47350cd85ea1cb5d5e13de27f551a

    • SHA256

      960293e0cfc7f99fe7d6f90065e3712c0ebfdfb3a259e9d2758fe305aa57c61a

    • SHA512

      f9e2c3ccf04664bfd90f8d30ab35e8be64b5c6cc0b5d8d795a7d7b514a50277831637a4acbbe03113bb3c17abec9765122e3122e7c12672e278505d2d56feda6

    • SSDEEP

      1536:j1E/rzW2pakRmB7BW3nKsciPgdLeAyN0X7qgFXYtP:j1E/rS2paccKntcqceAD7vFXYtP

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3f176d1ee13b0d7d6bd92e1c7a0b9bae

    • SHA1

      fe582246792774c2c9dd15639ffa0aca90d6fd0b

    • SHA256

      fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

    • SHA512

      0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

    • SSDEEP

      192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn

    • Score

      3/10
