Extracted

• • Target

    ff0b1d9f2221e78773cfed9e89f87eab3add2c872f44f7f8cd10e18e2e0e8465

  • Size

    632KB

  • MD5

    29b89507364a0868ff24aa52e9f9a30f

  • SHA1

    a33e07b0f35d1fa69c732b8ef03fbd045c1d443d

  • SHA256

    ff0b1d9f2221e78773cfed9e89f87eab3add2c872f44f7f8cd10e18e2e0e8465

  • SHA512

    c7c4e572fbeaa3e10c9f5754b94e56efbcbcad5f6aa2b144e8b8a12d5fd3f43e16465f0b771c39e5d94167ae95416a2a5ebaa1a1b0329c3a7ba652fb13f34611

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Modifies Installed Components in the registry

    persistence

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2