General

  • Target

    b7a30ea935dcedf1660abc389fcdf688.exe

  • Size

    6.8MB

  • Sample

    220626-ey8vzaabf7

  • MD5

    b7a30ea935dcedf1660abc389fcdf688

  • SHA1

    55e8e239d2a711aba9981433da6f6a7cc9b33bd4

  • SHA256

    3608b5a274c096c7603b66f5a592353581b0df20f9d51e49b79fa99e632a002f

  • SHA512

    d90b4f59af7ae2b60f8010e3a872c34e9498dc965c3163706229681afb3040026a053442fb0bb48c30e29dd79a9b8c0a422100385b492dc5d66d1841fc866787

Malware Config

Extracted

Family

netwire

C2

newchines.giize.com:1804

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      b7a30ea935dcedf1660abc389fcdf688.exe

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext
