netwire | daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4 | Triage

Submit
Reports

Overview

overview

Static

static

daedd0017e...c4.exe

windows7_x64

daedd0017e...c4.exe

windows10_x64

Sharing

General

Target

daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
Size

15.0MB
Sample

201112-lvcvqj3rd2
MD5

59a413614e91e86b933a42e4abdf1d43
SHA1

2d4ae51600e384dfcc8c054ff8c798055d008f87
SHA256

daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
SHA512

1e771d3c37f9035f4a813e062c9327bc1a14e34a29aee4bced9613555bb684c581cf121a83f5daa0e4a7e1ac2b430c34b3f190171d4f8a50f4f89bfdb8b6a93c

Score

10^/10

netwire remcos botnet evasion persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4.exe

Resource

win7v20201028

netwire remcos botnet evasion persistence rat stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4.exe

Resource

win10v20201028

evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

roxy.dynalias.net:3297

regiskm67.buyshouses.net:3297

dico.is-a-liberal.com:3297

neverdiemosole.is-a-doctor.com:3297

zeusnodie.mypets.ws:3297

nvdiedicobies.is-a-hard-worker.com:3297

nvdieroxy.kicks-ass.net:3297

nvdiedicozeuse.webhop.org:3297

Targets

- Target
  
  daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
- Size
  
  15.0MB
- MD5
  
  59a413614e91e86b933a42e4abdf1d43
- SHA1
  
  2d4ae51600e384dfcc8c054ff8c798055d008f87
- SHA256
  
  daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
- SHA512
  
  1e771d3c37f9035f4a813e062c9327bc1a14e34a29aee4bced9613555bb684c581cf121a83f5daa0e4a7e1ac2b430c34b3f190171d4f8a50f4f89bfdb8b6a93c
Score

10^/10

netwire remcos botnet evasion persistence rat stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Modifies service
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwireremcosbotnetevasionpersistenceratstealertrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy