netwire | 4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5 | Triage

Submit
Reports

Overview

overview

Static

static

8

4b08cbfbaf...d5.exe

windows7_x64

8

4b08cbfbaf...d5.exe

windows10-2004_x64

Sharing

General

Target

4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5
Size

653KB
Sample

220712-nbs1nsffcm
MD5

14bd022f8d3015ed27072197d179f676
SHA1

7cd38a3b9987c7f4e9aff01963f681cde346b8a6
SHA256

4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5
SHA512

f05a3d8b5d47b5f590822dc0beb9ad6b4830862eb10cb9eaa4c5d1405409e2ffa3fd4f4ebf6ba46ceb87ef18bf002463613246f6eb60de62c983f0b4e03223b0

Score

10^/10

netwire botnet rat stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5.exe

Resource

win10v2004-20220414-en

netwire botnet rat stealer upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

185.247.228.18:1968

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
n5de2
lock_executable
false
mutex
QixvinGV
offline_keylogger
false
password
Kimbolsapoq!P13
registry_autorun
false
use_mutex
true

Targets

- Target
  
  4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5
- Size
  
  653KB
- MD5
  
  14bd022f8d3015ed27072197d179f676
- SHA1
  
  7cd38a3b9987c7f4e9aff01963f681cde346b8a6
- SHA256
  
  4b08cbfbaf9398c1f64aa4ab23d6197e528a3f06b513f51ac4f74dd95adbd9d5
- SHA512
  
  f05a3d8b5d47b5f590822dc0beb9ad6b4830862eb10cb9eaa4c5d1405409e2ffa3fd4f4ebf6ba46ceb87ef18bf002463613246f6eb60de62c983f0b4e03223b0
Score

10^/10

upx netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

netwirebotnetratstealerupx

© 2018-2024

Terms | Privacy