netwire | 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063 | Triage

Submit
Reports

Overview

overview

Static

static

8

Solictud_d...0).exe

windows7_x64

Solictud_d...0).exe

windows10-2004_x64

Sharing

General

Target

472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063
Size

535KB
Sample

220520-qnaqzagfek
MD5

297282d787079090bf2d5c8377a09735
SHA1

695255ca153effae31e7c7b77e7f39bcd563003c
SHA256

472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063
SHA512

87f3c604e26a0aff20dbf5e3deb76b52b9c78ab47097180af58274eb9a0528f6547f7bf55d42822c42124a34b47bf14570e4f897e229b775595887a81b6ca757

Score

10^/10

netwire botnet persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Solictud_de_cotizacion (3699663-2020).exe

Resource

win7-20220414-en

netwire botnet persistence stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Solictud_de_cotizacion (3699663-2020).exe

Resource

win10v2004-20220414-en

netwire botnet persistence stealer upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Solictud_de_cotizacion (3699663-2020).exe
- Size
  
  553KB
- MD5
  
  748e4a49b7e306d7eb45aaa7b10faf5d
- SHA1
  
  ed4e974775f050e65233116fdbb28921618fceb7
- SHA256
  
  e232e9c0d66770fe8e50466f3dd073160a8ddaf565ed0382ce997226c1b364dd
- SHA512
  
  378f5c0ed4b94405a1287febc6a12901cbc8b386b41b66d9f2d007d704780424f3427b6e6973480656954f3d31540cacdc5e935118d4d561bba1bf399fc8d839
Score

10^/10

netwire botnet persistence stealer upx
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistencestealerupx

behavioral2

netwirebotnetpersistencestealerupx

© 2018-2024

Terms | Privacy