General
Target
Size
Sample
491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin
502KB
210719-ts6z3ze5e2
Score
10/10
MD5
SHA1
SHA256
SHA512
b49f739d1d6f51d71f075e9392946b2e
0967c716434876e355a3127e55f629cc8b0cc238
491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1
c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800
Malware Config
Targets
Target
MD5
Filesize
491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1.bin
b49f739d1d6f51d71f075e9392946b2e
502KB
Score
10/10
SHA1
SHA256
SHA512
0967c716434876e355a3127e55f629cc8b0cc238
491ec1161652070007f5205e8d7592271302324e28e58f006fb5a1e81d1d57f1
c1fc947539b319ab73a9fa5436c9aa1f6792cdbe90e009ae52073c8ac7fbb54e3d864d8e3abf37d8f50b5a024368c7f535f66044268df7d37cca699a6e45a800
Tags
Signatures
-
NetWire RAT payload
-
Netwire
Description
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Tags
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10