netwire | f7c37eac5808e804c64864a30eaa565b0cdf35b3738f049ac2e6f793f7603cec | Triage

Submit
Reports

Overview

overview

Static

static

Paymentcon...on.exe

windows7_x64

Paymentcon...on.exe

windows10_x64

Sharing

General

Target

Paymentconfirmation.exe
Size

616KB
Sample

210810-g7h6bhwjgx
MD5

fe6b9636c6363b1cbcecd2b690408d77
SHA1

c1e7b86bb283116568211eeb200bb4eff457948c
SHA256

f7c37eac5808e804c64864a30eaa565b0cdf35b3738f049ac2e6f793f7603cec
SHA512

6241aa32dc8b80cc42ddce37e25586fb5b84f06a7d7a590c1e87650493f9f805843fd0de350e798e38a155f5901858f60ca5178e24cec0a954d5ca5c14f37776

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Paymentconfirmation.exe

Resource

win7v20210410

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Paymentconfirmation.exe

Resource

win10v20210408

netwire botnet rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

194.5.97.220:3387

194.5.97.220:3389

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
offline_keylogger
true
password
stanlow02
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  Paymentconfirmation.exe
- Size
  
  616KB
- MD5
  
  fe6b9636c6363b1cbcecd2b690408d77
- SHA1
  
  c1e7b86bb283116568211eeb200bb4eff457948c
- SHA256
  
  f7c37eac5808e804c64864a30eaa565b0cdf35b3738f049ac2e6f793f7603cec
- SHA512
  
  6241aa32dc8b80cc42ddce37e25586fb5b84f06a7d7a590c1e87650493f9f805843fd0de350e798e38a155f5901858f60ca5178e24cec0a954d5ca5c14f37776
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy