netwire | 4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4 | Triage

Submit
Reports

Overview

overview

Static

static

8

4da8b2472a...d4.exe

windows7-x64

4da8b2472a...d4.exe

windows10-2004-x64

Sharing

General

Target

4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4
Size

682KB
Sample

220720-y6tkssaebp
MD5

65d41f5ef55a7963d72a21deebebdfe0
SHA1

13332d7870618f2e635ac3ac9a45887fed8c29b4
SHA256

4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4
SHA512

37a8fdb68d1d7719ae804cc23abde7a883b8771c78e767cfbfbb31fde8b59e338c7e400509ccf31062d50721d9e2dc19c9b00cb6b348ef442ad71ec6d9c67da8

Score

10^/10

netwire botnet rat stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4.exe

Resource

win7-20220718-en

netwire botnet rat stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4.exe

Resource

win10v2004-20220718-en

netwire botnet rat stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

wordoffice.duckdns.org:6988

Attributes

activex_autorun
false
copy_executable
false
delete_original
true
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
buSWjWbk
offline_keylogger
true
password
123
registry_autorun
false
use_mutex
true

Targets

- Target
  
  4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4
- Size
  
  682KB
- MD5
  
  65d41f5ef55a7963d72a21deebebdfe0
- SHA1
  
  13332d7870618f2e635ac3ac9a45887fed8c29b4
- SHA256
  
  4da8b2472aed704be965cf0be9095587b0671c0db6f76a4556d1d4ae63ce06d4
- SHA512
  
  37a8fdb68d1d7719ae804cc23abde7a883b8771c78e767cfbfbb31fde8b59e338c7e400509ccf31062d50721d9e2dc19c9b00cb6b348ef442ad71ec6d9c67da8
Score

10^/10

netwire botnet rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealerupx

behavioral2

netwirebotnetratstealerupx

© 2018-2024

Terms | Privacy