netwire | 3952d20010784df9f80ca5f283a2784a23e301b64c76e8a05225a7421d905fbc | Triage

Submit
Reports

Overview

overview

Static

static

9849858 PO.exe

windows7_x64

9849858 PO.exe

windows10_x64

Sharing

General

Target

9849858 PO.exe
Size

541KB
Sample

210526-vp1wy7aa4e
MD5

9237436c4af1011ed1a7a62c58f5ca62
SHA1

5d2335954cd784c99f078a9c1b1d8a000c928970
SHA256

3952d20010784df9f80ca5f283a2784a23e301b64c76e8a05225a7421d905fbc
SHA512

ba3b63fd0e7379e1b6d56a63cdd696e1063c8659da33befeab5cafe42d6571c354aa33ecb00ab5a5ea43db2aff37c1415fb446bfef0768ab57ef42b7693b783f

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

9849858 PO.exe

Resource

win7v20210410

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9849858 PO.exe

Resource

win10v20210410

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

23.105.131.166:4084

Attributes

activex_autorun
false
activex_key
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
Minobrawn1
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  9849858 PO.exe
- Size
  
  541KB
- MD5
  
  9237436c4af1011ed1a7a62c58f5ca62
- SHA1
  
  5d2335954cd784c99f078a9c1b1d8a000c928970
- SHA256
  
  3952d20010784df9f80ca5f283a2784a23e301b64c76e8a05225a7421d905fbc
- SHA512
  
  ba3b63fd0e7379e1b6d56a63cdd696e1063c8659da33befeab5cafe42d6571c354aa33ecb00ab5a5ea43db2aff37c1415fb446bfef0768ab57ef42b7693b783f
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy