The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Technical analysis by the Malware Hunter JAMESWT
Netwire hides behind the purchase of a property. The email's 7z attachment hides an executable inside. This is the malware itself.
Netwire is hiding in a phishing campaign linked to the purchase of a real estate property. The email's 7z attachment hides an executable inside. This is the malware itself and, if opened, it activates the chain of infection.
Netwire is a RAT focused on password theft and keylogging that also includes remote control features. It has been used by cybercrime groups since 2012 and distributed through various social engineering campaigns.