netwire | 13449784267e8b9f277e7aa2fdacecadfa3ad1843bf750190963b69b3b590c8f | Triage

Submit
Reports

Overview

overview

Static

static

Proof of payment.exe

windows7_x64

Proof of payment.exe

windows10-2004_x64

Sharing

General

Target

13449784267e8b9f277e7aa2fdacecadfa3ad1843bf750190963b69b3b590c8f
Size

885KB
Sample

220521-w277aaebaj
MD5

5cc2db7fe3b222b100b9107896943e6f
SHA1

38822f40ac45140a80561e55742e2b7aae3b5a65
SHA256

13449784267e8b9f277e7aa2fdacecadfa3ad1843bf750190963b69b3b590c8f
SHA512

2fe32369a65bfb7f586121a937b1eb20c81f7ce0f0418780c4fda125395154d476b1b8c33c27c9b6cc1dd5799b1b4e91f850853f685fd62741f173d85e2c881c

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Proof of payment.exe

Resource

win7-20220414-en

netwire botnet persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proof of payment.exe

Resource

win10v2004-20220414-en

netwire botnet persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Proof of payment.exe
- Size
  
  1.0MB
- MD5
  
  328549191a15865db4e088aa1375a7b2
- SHA1
  
  5b2128274c3c069c90fe14b13c95ee1339873048
- SHA256
  
  ff0ebb75a316c61d851a3edfb2ec49a5c05a2054032dbb9f175b7990fd8959dc
- SHA512
  
  b646c21e687e0efa75913d21b3403f9ff0945d91158a9dbd318685d2eecacbc4f79f24f2cf3420045c1dee6161b71d084703277e8a4e2df79fa1177b7b42d205
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy