netwire | 19966840925813b414e970aaa3f6e1359eec691c60edc9a97630fa5d82344cac | Triage

Sharing

General

Target

19966840925813b414e970aaa3f6e1359eec691c60edc9a97630fa5d82344cac
Size

127KB
Sample

220520-g3lx4sgfhn
MD5

8172254340234d268b77006f07019ef6
SHA1

bae560787262581832b41a2764fec210b3710d1f
SHA256

19966840925813b414e970aaa3f6e1359eec691c60edc9a97630fa5d82344cac
SHA512

a5521358ec34413c1015db2e361adf3a3ec4a184cd62e4c57230b29151d30218b83895d1e62478aa5b4a1291dc14db87e725ebdb205603bc44d5cb51ff07aaa6

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

beltalus.ns1.name:8085

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
Zombies-%Rand%
install_path
keylogger_dir
%AppData%\Logs_temp\
lock_executable
false
mutex
nVXpOIQC
offline_keylogger
true
password
Volve
registry_autorun
false
startup_name
use_mutex
true

Targets

- Target
  
  19966840925813b414e970aaa3f6e1359eec691c60edc9a97630fa5d82344cac
- Size
  
  127KB
- MD5
  
  8172254340234d268b77006f07019ef6
- SHA1
  
  bae560787262581832b41a2764fec210b3710d1f
- SHA256
  
  19966840925813b414e970aaa3f6e1359eec691c60edc9a97630fa5d82344cac
- SHA512
  
  a5521358ec34413c1015db2e361adf3a3ec4a184cd62e4c57230b29151d30218b83895d1e62478aa5b4a1291dc14db87e725ebdb205603bc44d5cb51ff07aaa6
Score

10^/10

netwire botnet stealer
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetstealer

behavioral2

netwirebotnetstealer