netwire | f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c | Triage

Sharing

General

Target

f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c
Size

1.5MB
Sample

220520-qah57afgdl
MD5

3b5a9ea183f1eb6123eda703aaa817a9
SHA1

e745ef2f8785eaf83e237ab3fb107ea664e23e5e
SHA256

f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c
SHA512

ee8ce891e478461abe8d91df4808566a35bb92671718ca5300f630ab30aadea201f224b5f0b1b1f0d2cb61bb6715a984c9730ff82d4cd087b944491d0cd14b24

Score

10^/10

netwire botnet collection rat stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.aoki-shoten.com
Port:
587
Username:
aokikazuhir@aoki-shoten.com
Password:
Kumasi12345009

Targets

- Target
  
  BANK_DET.EXE
- Size
  
  434KB
- MD5
  
  97c8146c10d533dacaaca193761b1c98
- SHA1
  
  dff81aa37ff7d60095615682ded6490f188ae959
- SHA256
  
  3c7e44e2b240655a3f18fde494d90ba07478b3e28f0161f63ecfd48049a7d554
- SHA512
  
  e387b91b904e4d29de77c196cf32541b26e968341be4011b386504f47c737ad066bba23b428464a2f2ca516c5f9fc1f88d14e25c5dfc497f4a3bb9c1f72038d4
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  REVERSE_.EXE
- Size
  
  507KB
- MD5
  
  b378a8a59c97e5db6fc1c6faf37c90de
- SHA1
  
  1ba14ba7adab7d5903f0dd6c9e8ef9a9d40115e7
- SHA256
  
  ab85c8e3305016e7806bf71583c6100e8249054dbb2701b9944a190ae15a7284
- SHA512
  
  d31d6c7d52fe576ae7f5d3276fabcf56ae1d0b30786df1b795e7b03ccb4b0e607fcd95e9e7229f5017dd059803c5c2415243091109163cca424dcfeb10197a4d
Score

10^/10

collection
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

netwirebotnetratstealer

behavioral3

behavioral4