netwire | 9133c16f469cf207152a1a8b2d8f0c59533d2f632b17828973c6a6a37b31fa97 | Triage

Submit
Reports

Overview

overview

Static

static

59e1199f32...65.exe

windows7_x64

59e1199f32...65.exe

windows10_x64

Sharing

General

Target

59e1199f32a8f13b0efbdd092b02b165.exe
Size

631KB
Sample

210503-zcg55b7ps2
MD5

59e1199f32a8f13b0efbdd092b02b165
SHA1

aed745bc896ea20b20859f55a3a18ca10e1463e3
SHA256

9133c16f469cf207152a1a8b2d8f0c59533d2f632b17828973c6a6a37b31fa97
SHA512

b6607e0246b398db47de1b852e0b94ab311c5d0d423ce735a6e537b13563f381112afb9311fd6a80a580075dfccfd0f29d4ac8cf224cbd9eee7dbdda75899f8d

Score

10^/10

netwire agilenet botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

59e1199f32a8f13b0efbdd092b02b165.exe

Resource

win7v20210408

netwire agilenet botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

59e1199f32a8f13b0efbdd092b02b165.exe

Resource

win10v20210410

netwire agilenet botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

79.134.225.52:31360

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
Favor1000$
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  59e1199f32a8f13b0efbdd092b02b165.exe
- Size
  
  631KB
- MD5
  
  59e1199f32a8f13b0efbdd092b02b165
- SHA1
  
  aed745bc896ea20b20859f55a3a18ca10e1463e3
- SHA256
  
  9133c16f469cf207152a1a8b2d8f0c59533d2f632b17828973c6a6a37b31fa97
- SHA512
  
  b6607e0246b398db47de1b852e0b94ab311c5d0d423ce735a6e537b13563f381112afb9311fd6a80a580075dfccfd0f29d4ac8cf224cbd9eee7dbdda75899f8d
Score

10^/10

netwire agilenet botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwireagilenetbotnetratstealer

behavioral2

netwireagilenetbotnetratstealer

© 2018-2024

Terms | Privacy