Overview

overview

10

Static

static

e36e643025...13.exe

windows7_x64

10

e36e643025...13.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e36e64302515b1465d197e94c77409ae372467cfe6fa97788beb804b7485ea13.zip

  • Size

    541KB

  • Sample

    201204-6fmfybns4j

  • MD5

    87bd8f6043e1bab873b04cf3e364e4c3

  • SHA1

    270ac6fb251b985a678eedaf7aba03ce2fc32b9a

  • SHA256

    dfefd22adcba8488c8ba0da4fa28e16fb91661354db3707d78a960e0120661c8

  • SHA512

    ab05cf3a94fb0daf56e9529d348a25f6040dd0a3d5bc77f6b4d72ae96b69186f9d61a9a712ac59f6c19fab518d7c0eb2338bb706f41deb61f451f9d6e103903f

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      e36e64302515b1465d197e94c77409ae372467cfe6fa97788beb804b7485ea13

    • Size

      968KB

    • MD5

      2ae85324234dd99b418a578df2a3c594

    • SHA1

      67a33569e74a8a9a49c0aa242c77aa431c833303

    • SHA256

      e36e64302515b1465d197e94c77409ae372467cfe6fa97788beb804b7485ea13

    • SHA512

      01590f59d0077cebdcf2533fb4dfce7507884dbc56435ab1c0474569351b4bec3046cb7b8d4410d822633a704e91ce3a74cad855b9a64f49640ec2baa973c87c

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks