netwire | b7f42f93e5c2dfcb4620859c74593f1090dcca50dbf14d7665e31832b3ff0313 | Triage

Submit
Reports

Overview

overview

Static

static

24C8B4647F...4F.exe

windows7_x64

24C8B4647F...4F.exe

windows10_x64

Sharing

General

Target

24C8B4647F7CDEF7524055129030454F.exe
Size

23.0MB
Sample

210719-kcfg7vcjf6
MD5

24c8b4647f7cdef7524055129030454f
SHA1

8b5dd2f2d271b5503a865bd6641e7a761ee9c520
SHA256

b7f42f93e5c2dfcb4620859c74593f1090dcca50dbf14d7665e31832b3ff0313
SHA512

1316e79aac01b0a46f7dc389970f7c3e804898c47020d987c80783b56a7b61fdc184979012e96b55cd74dedb36669a1064c9198be8a79b1ac74b68d730cb762d

Score

10^/10

netwire botnet evasion persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

24C8B4647F7CDEF7524055129030454F.exe

Resource

win7v20210410

netwire botnet evasion persistence rat stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

24C8B4647F7CDEF7524055129030454F.exe

Resource

win10v20210408

netwire botnet evasion persistence rat stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

maelus.mine.nu:3650

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
first spread
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
0000
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  24C8B4647F7CDEF7524055129030454F.exe
- Size
  
  23.0MB
- MD5
  
  24c8b4647f7cdef7524055129030454f
- SHA1
  
  8b5dd2f2d271b5503a865bd6641e7a761ee9c520
- SHA256
  
  b7f42f93e5c2dfcb4620859c74593f1090dcca50dbf14d7665e31832b3ff0313
- SHA512
  
  1316e79aac01b0a46f7dc389970f7c3e804898c47020d987c80783b56a7b61fdc184979012e96b55cd74dedb36669a1064c9198be8a79b1ac74b68d730cb762d
Score

10^/10

netwire botnet evasion persistence rat stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetevasionpersistenceratstealertrojan

behavioral2

netwirebotnetevasionpersistenceratstealertrojan

© 2018-2024

Terms | Privacy