netwire | 0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e | Triage

Submit
Reports

Overview

overview

Static

static

0fed6fa2f3...1e.exe

windows7_x64

0fed6fa2f3...1e.exe

windows10-2004_x64

Sharing

General

Target

0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e
Size

233KB
Sample

220708-yrf16ahcf4
MD5

c6178edfa12115bff102f02764b97dd5
SHA1

ef4bdbbdd4ce3b0fb1c6b1d778ee87ad1884f57a
SHA256

0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e
SHA512

aef18e6d76b7b95afaaa24f3a79041882a0a0a0e2931fb4a4506861f3f4f2d82050beef09ae7148488de28ca6a01f6fd56eb165c8c1f35f6e3b0f64d5b1043c7

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e.exe

Resource

win7-20220414-en

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e.exe

Resource

win10v2004-20220414-en

netwire botnet rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

vegan.giize.com:1604

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e
- Size
  
  233KB
- MD5
  
  c6178edfa12115bff102f02764b97dd5
- SHA1
  
  ef4bdbbdd4ce3b0fb1c6b1d778ee87ad1884f57a
- SHA256
  
  0fed6fa2f3572636b628398d69201d11ef9c44a33491d36e5193364c0fd22a1e
- SHA512
  
  aef18e6d76b7b95afaaa24f3a79041882a0a0a0e2931fb4a4506861f3f4f2d82050beef09ae7148488de28ca6a01f6fd56eb165c8c1f35f6e3b0f64d5b1043c7
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy