netwire | 596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b | Triage

Submit
Reports

Overview

overview

Static

static

596c61c9c3...2b.exe

windows7-x64

596c61c9c3...2b.exe

windows10-2004-x64

Sharing

General

Target

596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b
Size

484KB
Sample

220724-ekh3dseeap
MD5

9ceb56c944daaac4d44ec26684512979
SHA1

7df0bcc528c506ad4cde9bde3cfdce0e9dc471e7
SHA256

596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b
SHA512

a7ddfbf68b943662fc74b700d1ce18b5449081a7e77d32c549cbeee565b2c12402ae5340b1ec06b4b314650b84b3d0b9156a44816af281851f9880b351ae54c3

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b.exe

Resource

win7-20220715-en

netwire botnet rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.208.211.136:3368

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
UIOnYWdp
offline_keylogger
true
password
Gentle123
registry_autorun
false
use_mutex
true

Targets

- Target
  
  596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b
- Size
  
  484KB
- MD5
  
  9ceb56c944daaac4d44ec26684512979
- SHA1
  
  7df0bcc528c506ad4cde9bde3cfdce0e9dc471e7
- SHA256
  
  596c61c9c3a7a0ba5419dab7a5ef731310560bbd8720fc8d157deb6c1b77762b
- SHA512
  
  a7ddfbf68b943662fc74b700d1ce18b5449081a7e77d32c549cbeee565b2c12402ae5340b1ec06b4b314650b84b3d0b9156a44816af281851f9880b351ae54c3
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy