Overview

overview

10

Static

static

Quote.exe

windows7-x64

10

Quote.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote.exe

  • Size

    530KB

  • Sample

    220722-hwdtladde4

  • MD5

    0de551c3a895fb267496eed5d0741f36

  • SHA1

    dfe8140401a22b40729ffdb3e333dbaea36965fa

  • SHA256

    5712e0a231e705d4438c09a5aacfdb9b753f9a2cc8a110c2b13606cdac708d42

  • SHA512

    4d752728eac9ec8020fb4e49b22437ba5171d1c16f44441b4d01625f1bd6c5250fa906923001686b2f17eb34a99173da0118ce32e896e5bc54f0847deb8e6ca4

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

194.5.98.126:3378

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Pass@2023

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      Quote.exe

    • Size

      530KB

    • MD5

      0de551c3a895fb267496eed5d0741f36

    • SHA1

      dfe8140401a22b40729ffdb3e333dbaea36965fa

    • SHA256

      5712e0a231e705d4438c09a5aacfdb9b753f9a2cc8a110c2b13606cdac708d42

    • SHA512

      4d752728eac9ec8020fb4e49b22437ba5171d1c16f44441b4d01625f1bd6c5250fa906923001686b2f17eb34a99173da0118ce32e896e5bc54f0847deb8e6ca4

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks