491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin
502KB
210719-ts6z3ze5e2
b49f739d1d6f51d71f075e9392946b2e
0967c716434876e355a3127e55f629cc8b0cc238
491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1
c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800
Tags
Signatures
-
NetWire RAT payload
-
Netwire
Description
Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
Tags
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext