netwire | 962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb

Analysis

max time kernel
149s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe
Size

127KB
MD5

c45bedf2bd458697c71a854c74e474f2
SHA1

5f24b352f14def8d0aef90cdda4ff88c58f7ccbd
SHA256

962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb
SHA512

f303065611b0c798773403e915427d39d689487f437131aff580314032b977e60436f689a4ac909c1f93ddab05b9ffc39cddef51714b744c726c48393a59ec23

Score

10^/10

netwire botnet persistence stealer

Malware Config

Signatures

Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
botnet stealer netwire

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{787VAS27-AF61-MKL6-QL33-MR4WC8YFU3W3}	962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{787VAS27-AF61-MKL6-QL33-MR4WC8YFU3W3}\StubPath = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe\""	962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe

C:\Users\Admin\AppData\Local\Temp\962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe
"C:\Users\Admin\AppData\Local\Temp\962c56ec4b5c877da762c9f95ea2aa1bffbf34f9615b3a9df8d53cec75c434bb.exe"
1⤵
- Modifies Installed Components in the registry
PID:3320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads