netwire | 6e76bd502c91158631cadf485ce44caa4d6504864735593fc23d90477a794d17 | Triage

Submit
Reports

Overview

overview

Static

static

8

Proforma Invoice.xls

windows7_x64

Proforma Invoice.xls

windows10_x64

Sharing

General

Target

Proforma Invoice.xls
Size

74KB
Sample

201119-r92d5yaqye
MD5

55db711144ff4a35faf58d982e7cf727
SHA1

ea7b59dde9f0600915069dec66f8410f25cb66fd
SHA256

6e76bd502c91158631cadf485ce44caa4d6504864735593fc23d90477a794d17
SHA512

92e99e23ef71f4b1b9e3f6733ca16d51a2e44a777581c6a4a9b35b4c3574620cbff37ba02052bd7932f75acd2b70a2750f4c53c0d87db75e8a10c4aa1cf4192a

Score

10^/10

netwire botnet macro persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Proforma Invoice.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proforma Invoice.xls

Resource

win10v20201028

netwire botnet persistence rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cutt.ly/ZhqUH1O

Targets

- Target
  
  Proforma Invoice.xls
- Size
  
  74KB
- MD5
  
  55db711144ff4a35faf58d982e7cf727
- SHA1
  
  ea7b59dde9f0600915069dec66f8410f25cb66fd
- SHA256
  
  6e76bd502c91158631cadf485ce44caa4d6504864735593fc23d90477a794d17
- SHA512
  
  92e99e23ef71f4b1b9e3f6733ca16d51a2e44a777581c6a4a9b35b4c3574620cbff37ba02052bd7932f75acd2b70a2750f4c53c0d87db75e8a10c4aa1cf4192a
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy