netwire | 9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362 | Triage

Submit
Reports

Overview

overview

Static

static

9de81c4b0f...62.exe

windows7_x64

9de81c4b0f...62.exe

windows10_x64

Sharing

General

Target

9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362
Size

644KB
Sample

210422-c4lkyjzgk2
MD5

aa7f4ac1c779a113a1f6deefe4980ae6
SHA1

7de6c7563fb13e8ae9fe682e79a2a65145aaf491
SHA256

9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362
SHA512

8280cb3488f909599ecdc25517a4520320dab86a63e446cce46d045d04373d4826939bcf55088bad19dad542b5f5731bd1cee80cc3be5f4e8dc5e269bbbab230

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362.exe

Resource

win7v20210410

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362.exe

Resource

win10v20210408

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

194.5.98.97:3366

194.5.98.97:4081

194.5.98.97:3369

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
Kemme
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362
- Size
  
  644KB
- MD5
  
  aa7f4ac1c779a113a1f6deefe4980ae6
- SHA1
  
  7de6c7563fb13e8ae9fe682e79a2a65145aaf491
- SHA256
  
  9de81c4b0f4d76ada494588b6250165091db9f1b7e1b9cc84a4f621aafa92362
- SHA512
  
  8280cb3488f909599ecdc25517a4520320dab86a63e446cce46d045d04373d4826939bcf55088bad19dad542b5f5731bd1cee80cc3be5f4e8dc5e269bbbab230
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy