e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

Target

Size

496KB

Sample

220521-xxmkfscge2

Score

10 ^/10

MD5

2e949fbd641fbb0b7a2faa128ddd3540

SHA1

eac22a028a62c18391a452850d9c42fbb19b7fb8

SHA256

e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

SHA512

93d326fc1f0bdace236773275b0969dc191e98979e6f353567bf8ca5479773bf8c811dd9b292136a6a1f2aa0999988c79567ef41f75dde5243ebd628582c1d78

Target

e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

MD5

2e949fbd641fbb0b7a2faa128ddd3540

Filesize

496KB

Score

10^/10

SHA1

eac22a028a62c18391a452850d9c42fbb19b7fb8

SHA256

e7cddae953978be6b45011ccbde76cc209eb1bfb3976ba9e214a37df62e3e145

SHA512

93d326fc1f0bdace236773275b0969dc191e98979e6f353567bf8ca5479773bf8c811dd9b292136a6a1f2aa0999988c79567ef41f75dde5243ebd628582c1d78

Signatures

NetWire RAT payload
Tags

rat
Netwire
Description

Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Tags

botnet stealer netwire
Modifies Installed Components in the registry
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

netwire botnet persistence rat stealer

10^/10

behavioral2

netwire botnet persistence rat stealer

10^/10

Tags

Signatures

NetWire RAT payload

Tags

Netwire

Description

Tags

Modifies Installed Components in the registry

Tags

TTPs

Adds Run key to start application

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2