netwire | 9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419 | Triage

Submit
Reports

Overview

overview

Static

static

Proof Of Payment.exe

windows7_x64

Proof Of Payment.exe

windows10-2004_x64

Sharing

General

Target

9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419
Size

868KB
Sample

220521-w3ax6sagd9
MD5

f047630b6bdd86310d4576a63a94ada6
SHA1

d721cf61114d0015af33b877fea4b6620075f0a1
SHA256

9dd9dcea8897935e1ad2495d33b9236228dac772ca825cc67c90938bb29aa419
SHA512

96e5b54c71c8fa14408616f459b021f8e3309e95800b5ebafa87b7a1fdd1e5baa1961bacbde9f31f4155f146bf739b182b33b72de9c553c904cb2ccccc0a6cf5

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Proof Of Payment.exe

Resource

win7-20220414-en

netwire botnet persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proof Of Payment.exe

Resource

win10v2004-20220414-en

netwire botnet persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Proof Of Payment.exe
- Size
  
  1021KB
- MD5
  
  121b665f158aa269dfdd6d701c4af31d
- SHA1
  
  81b94a9e9af1258dd5074adc7077c0fca2de7e79
- SHA256
  
  9e1de81ecb080a9d970953a62de72b6a83cc61776409098f1429c11032cbfa14
- SHA512
  
  af293c732eea9d928e9bcfefc35fbee68ad3af3392503dd3d051ef9dc54df630f6a5a965d364f255c9c25a19465e58ed630edc644eed99c370924aec837b5b68
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy