Overview

overview

10

Static

static

10

c2268bf318...a9.exe

windows7_x64

10

c2268bf318...a9.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    38s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    01-07-2022 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2268bf31831425cafcea2863195457979514c2213bda36f8e0a17f411f99ca9.exe

  • Size

    606KB

  • MD5

    8ecf0b8f8a455125d1aa583acc4e9ad3

  • SHA1

    33706f04cead4adfd94118fed35f23b79752b434

  • SHA256

    c2268bf31831425cafcea2863195457979514c2213bda36f8e0a17f411f99ca9

  • SHA512

    572e5b22d97ffcbc4884743100793eb4b4507cf1a8a162818e9773b996b2326531a3193bf22311724e0ccd40dbc633407cf241748b75f954872adfd84ae6a8a1

Score
10/10
netwirebotnetratstealer

Malware Config

Signatures

  • NetWire RAT payload 1 IoCs
    rat
  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2268bf31831425cafcea2863195457979514c2213bda36f8e0a17f411f99ca9.exe
    "C:\Users\Admin\AppData\Local\Temp\c2268bf31831425cafcea2863195457979514c2213bda36f8e0a17f411f99ca9.exe"
    1⤵
      PID:1032

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1032-54-0x00000000758D1000-0x00000000758D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1032-55-0x0000000000400000-0x00000000004A2000-memory.dmp

      Filesize

      648KB

      Download