Extracted

• • Target

    500808c33b37f95c8cddbce21d8a69bbbc2270a78c9771df69435cdd80794ad4

  • Size

    584KB

  • MD5

    8e1d1a09e94f30ec964448c915101d2b

  • SHA1

    c85d5abb51639c3fddd927978c0e5277b5fb941e

  • SHA256

    500808c33b37f95c8cddbce21d8a69bbbc2270a78c9771df69435cdd80794ad4

  • SHA512

    00d53510186d9009548c83a64d2e5a759df2a9a255919aff8049346903fba5289a6c912274d2e9e08e4e78fc9e0deda3bbaceebe116f369a6cf711ddb7f99ab2

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2