General

  • Target

    Quote.exe

  • Size

    808KB

  • Sample

    220718-mgh7zsbdh7

  • MD5

    a611359914b91f5b69613c7de9bc3745

  • SHA1

    52fa5457ac379e8327ec1b37fcfce26d46eba39b

  • SHA256

    bcc6ba14b357c5f88e7e495d16411be6d488918c743214018db2c8e45961fd94

  • SHA512

    a0b7a9333a3203d64948ea99a5511783d8972e031bd90f03d884b8f3b0c943a9f90dbad6402e185db6ff2884d166ad0b134e59526e8d4d665763d40b0704a06d

Malware Config

Extracted

Family

netwire

C2

194.5.98.126:3378

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Pass@2023

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      Quote.exe

    • Size

      808KB

    • MD5

      a611359914b91f5b69613c7de9bc3745

    • SHA1

      52fa5457ac379e8327ec1b37fcfce26d46eba39b

    • SHA256

      bcc6ba14b357c5f88e7e495d16411be6d488918c743214018db2c8e45961fd94

    • SHA512

      a0b7a9333a3203d64948ea99a5511783d8972e031bd90f03d884b8f3b0c943a9f90dbad6402e185db6ff2884d166ad0b134e59526e8d4d665763d40b0704a06d

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks