netwire | 362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a | Triage

Submit
Reports

Overview

overview

Static

static

362ade4173...9a.exe

windows7_x64

1

362ade4173...9a.exe

windows10-2004_x64

Sharing

General

Target

362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a
Size

265KB
Sample

220626-dys9vafbhq
MD5

92878813dcf29561ac35fb37820839f5
SHA1

377128b7a144234b4f103c241c6bb599d79b877e
SHA256

362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a
SHA512

9f7410d93185de83761413a1c8c01d91d9120ba0c0afa1c5701338c0a0a5e379821de9fb2e7e77bca699dcc384af026857776958368f4327d87a501ebaee5a36

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a.exe

Resource

win10v2004-20220414-en

netwire botnet rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

wealthyjamesbond.ddns.net:39560

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
sunshineslisa
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\Imgburn\
lock_executable
false
offline_keylogger
true
password
sucess
registry_autorun
false
use_mutex
false

Targets

- Target
  
  362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a
- Size
  
  265KB
- MD5
  
  92878813dcf29561ac35fb37820839f5
- SHA1
  
  377128b7a144234b4f103c241c6bb599d79b877e
- SHA256
  
  362ade4173906284e7a589487ef006ceaff1432d4defb33f83c6e6f0bd3cb09a
- SHA512
  
  9f7410d93185de83761413a1c8c01d91d9120ba0c0afa1c5701338c0a0a5e379821de9fb2e7e77bca699dcc384af026857776958368f4327d87a501ebaee5a36
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy