netwire | 4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13 | Triage

Submit
Reports

Overview

overview

Static

static

4ef520b5bb...13.exe

windows7-x64

4ef520b5bb...13.exe

windows10-2004-x64

Sharing

General

Target

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
Size

1.7MB
Sample

220720-tedcaaafal
MD5

eac50aecd140f50a9b05bd1d7ead0895
SHA1

605890b47e3f232196ff9e21ca983a91278f8c1e
SHA256

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
SHA512

eedb9a7ac6465476ba6d62bb2bb5ef5c97fd733bd83a6956d36d087239a8de5d11e020caa14b88723b91979bc39eeac0398c0180f32f452e598465bf5ab82e49

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13.exe

Resource

win10v2004-20220718-en

netwire botnet rat stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

216.38.2.197:6080

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
FEB2K19
install_path
%AppData%\Install\Wordpads.exe
keylogger_dir
%AppData%\sgol\
lock_executable
false
offline_keylogger
true
password
&+~K4r)"5WGP2j*
registry_autorun
false
use_mutex
false

Targets

- Target
  
  4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
- Size
  
  1.7MB
- MD5
  
  eac50aecd140f50a9b05bd1d7ead0895
- SHA1
  
  605890b47e3f232196ff9e21ca983a91278f8c1e
- SHA256
  
  4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
- SHA512
  
  eedb9a7ac6465476ba6d62bb2bb5ef5c97fd733bd83a6956d36d087239a8de5d11e020caa14b88723b91979bc39eeac0398c0180f32f452e598465bf5ab82e49
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy