netwire | 73429ed369e556843e28f21b233a49aa9cc7b55d36c5be69f3745a75d17eaf1f | Triage

Submit
Reports

Overview

overview

Static

static

DHL Document.exe

windows7_x64

DHL Document.exe

windows10_x64

Sharing

General

Target

DHL Document.exe
Size

1.1MB
Sample

210303-6n3x27spw2
MD5

92900a9f09ad28e0e6068988f85383c4
SHA1

d2088728af43a30bd69fd4bff9db5e9a6f54d55c
SHA256

73429ed369e556843e28f21b233a49aa9cc7b55d36c5be69f3745a75d17eaf1f
SHA512

77ff1b0a1d99f92204955a60599953965292ead8dc41c2b993a4c522350eeb50efead8fcc7500d72e823b04efa6165e750fcc5f5f793f8af192252cebc354d40

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

DHL Document.exe

Resource

win7v20201028

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL Document.exe

Resource

win10v20201028

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DHL Document.exe
- Size
  
  1.1MB
- MD5
  
  92900a9f09ad28e0e6068988f85383c4
- SHA1
  
  d2088728af43a30bd69fd4bff9db5e9a6f54d55c
- SHA256
  
  73429ed369e556843e28f21b233a49aa9cc7b55d36c5be69f3745a75d17eaf1f
- SHA512
  
  77ff1b0a1d99f92204955a60599953965292ead8dc41c2b993a4c522350eeb50efead8fcc7500d72e823b04efa6165e750fcc5f5f793f8af192252cebc354d40
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy