netwire | b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8 | Triage

Submit
Reports

Overview

overview

Static

static

9

QUOTE_93.exe

windows7_x64

QUOTE_93.exe

windows10-2004_x64

Sharing

General

Target

b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
Size

1.2MB
Sample

220521-n9w5zsehc7
MD5

464bd6ae6d1e1d7a6f88cdd7aa5025a2
SHA1

ebeb378de41055d1f21a662a521a82937a485332
SHA256

b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
SHA512

05020d770028713f22be47e32cbad15632e7e69f26d186ec599f2d136344743f7a9a6737616c6064b223554655aa8426871864a755d1f6f8e0f8510ef157dc2d

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE_93.exe

Resource

win7-20220414-en

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE_93.exe

Resource

win10v2004-20220414-en

netwire botnet rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

185.103.96.151:6996

Attributes

activex_autorun
false
activex_key
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
Ehimembano1@
registry_autorun
false
startup_name
use_mutex
false

Targets

- Target
  
  QUOTE_93.EXE
- Size
  
  433KB
- MD5
  
  d519b9590876fd0bc7fe7e62c1f14f9c
- SHA1
  
  930bc4718ace81ed9d029d1b99c1cd7cf53e2b95
- SHA256
  
  8d91a07cffa859ef14c1deaf86f49c25003f050d4fed1d18eee1cde88f292697
- SHA512
  
  9d644709fdce6b603a683b0d481abf005743e1a05198522a843c5b463b1414dbfc8785da52ebbf87acddda51eaf5fa336745cefbbf264f37c21ee8121cfbad39
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy