netwire | 557b7d3dbc3f34338f5a6c1467f399abc0b3ef004d7378b7ff78f80d96fbc244 | Triage

Submit
Reports

Overview

overview

Static

static

ShippingBL...DF.exe

windows7_x64

ShippingBL...DF.exe

windows10_x64

Sharing

General

Target

ShippingBLINVPLPDF.exe
Size

764KB
Sample

210621-mm29tt4bwa
MD5

ac2dd3566161994b4bc2af90113dd6ef
SHA1

062eab232642c0d9ee9e6af266a8abe9fa14dbac
SHA256

557b7d3dbc3f34338f5a6c1467f399abc0b3ef004d7378b7ff78f80d96fbc244
SHA512

fba9479747777c206a427ea75333834f82ffcf1d8fcfd560b60aed293f22c90ef369de745776ebd041e52a097cadcf9b8dcf4d612e2d459210d7d4dfedaae8df

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

ShippingBLINVPLPDF.exe

Resource

win7v20210408

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ShippingBLINVPLPDF.exe

Resource

win10v20210408

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

www.clfoor.net:8760

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
payment
install_path
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
Password
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  ShippingBLINVPLPDF.exe
- Size
  
  764KB
- MD5
  
  ac2dd3566161994b4bc2af90113dd6ef
- SHA1
  
  062eab232642c0d9ee9e6af266a8abe9fa14dbac
- SHA256
  
  557b7d3dbc3f34338f5a6c1467f399abc0b3ef004d7378b7ff78f80d96fbc244
- SHA512
  
  fba9479747777c206a427ea75333834f82ffcf1d8fcfd560b60aed293f22c90ef369de745776ebd041e52a097cadcf9b8dcf4d612e2d459210d7d4dfedaae8df
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy