netwire | ca7d0cd170dc326645352637b21087e96576f33aafebcb59cb3ea28952d7214d | Triage

Submit
Reports

Overview

overview

Static

static

Pokana2021011357.doc

windows7_x64

Pokana2021011357.doc

windows10_x64

Sharing

General

Target

Pokana2021011357.doc
Size

55KB
Sample

210113-ygx7772mt2
MD5

9a59fc2435737333486d786264c40542
SHA1

19ccdcf1cdafdd248080f7a0b4a481057125ebdf
SHA256

ca7d0cd170dc326645352637b21087e96576f33aafebcb59cb3ea28952d7214d
SHA512

eddb242b35355a91000d124a13bce5df1a929282f9ebf4554c261b14a1c473e75bf3c0d657f521b78d07e687ce26a749713a5aa9ffc908a53106b94744c69be5

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Pokana2021011357.doc

Resource

win7v20201028

netwire botnet persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Pokana2021011357.doc

Resource

win10v20201028

netwire botnet persistence rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://one.oziriss.club:2095/ol/o1.exe

Targets

- Target
  
  Pokana2021011357.doc
- Size
  
  55KB
- MD5
  
  9a59fc2435737333486d786264c40542
- SHA1
  
  19ccdcf1cdafdd248080f7a0b4a481057125ebdf
- SHA256
  
  ca7d0cd170dc326645352637b21087e96576f33aafebcb59cb3ea28952d7214d
- SHA512
  
  eddb242b35355a91000d124a13bce5df1a929282f9ebf4554c261b14a1c473e75bf3c0d657f521b78d07e687ce26a749713a5aa9ffc908a53106b94744c69be5
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy