netwire | 9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f | Triage

Submit
Reports

Overview

overview

Static

static

KR033172A5...DF.exe

windows7_x64

KR033172A5...DF.exe

windows10_x64

Sharing

General

Target

KR033172A562700243.PDF.exe
Size

789KB
Sample

210421-l286vjmhw6
MD5

5ca9ea11f89e982fc93ad12e656648a8
SHA1

0d0bd9cb9549638218db8c3442a3047e25ffc9a9
SHA256

9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f
SHA512

cd4f2d1ba153dea1d28a12d9566fdf5bb183ba795584b7e6dc049cb5e4fb1c007fa6581c1cec77f0c0917b9050300dc54213fdc877ab5c69905237dd8dff8262

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

KR033172A562700243.PDF.exe

Resource

win7v20210408

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

KR033172A562700243.PDF.exe

Resource

win10v20210410

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

194.156.90.31:5008

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
APRL-WORK
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
Password
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  KR033172A562700243.PDF.exe
- Size
  
  789KB
- MD5
  
  5ca9ea11f89e982fc93ad12e656648a8
- SHA1
  
  0d0bd9cb9549638218db8c3442a3047e25ffc9a9
- SHA256
  
  9a0550bcf1c770a3febe17adb59aa91717654e4d660fca29bd7ccff14da6256f
- SHA512
  
  cd4f2d1ba153dea1d28a12d9566fdf5bb183ba795584b7e6dc049cb5e4fb1c007fa6581c1cec77f0c0917b9050300dc54213fdc877ab5c69905237dd8dff8262
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy