netwire | 17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008 | Triage

Submit
Reports

Overview

overview

Static

static

17c5a1d346...08.exe

windows7_x64

8

17c5a1d346...08.exe

windows10-2004_x64

Sharing

General

Target

17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
Size

827KB
Sample

220520-rs584sbcfm
MD5

03f29ca4710c10bcd05f1e07bbbb2eac
SHA1

471c5eace5ea0811771c162206c797283722d92a
SHA256

17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
SHA512

98236e96cfd46c96dc818722d2efbed379c715972efab37414d15000379f10d539195b8a7f2d53a2c3628955c953aa230bdcac2cbd44ed2f444af4a398a90218

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008.exe

Resource

win10v2004-20220414-en

netwire botnet persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
- Size
  
  827KB
- MD5
  
  03f29ca4710c10bcd05f1e07bbbb2eac
- SHA1
  
  471c5eace5ea0811771c162206c797283722d92a
- SHA256
  
  17c5a1d3469610c95de445590f2a3d66a2c7a3ffac39085982620449ce42a008
- SHA512
  
  98236e96cfd46c96dc818722d2efbed379c715972efab37414d15000379f10d539195b8a7f2d53a2c3628955c953aa230bdcac2cbd44ed2f444af4a398a90218
Score

10^/10

persistence netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy