Extracted

• • Target

    587011c1c797b633a7dc0a2658e00a597066236c57acb0ed48abd732c9408d2f

  • Size

    558KB

  • MD5

    f131435dead0e37aee759622ababb51f

  • SHA1

    3fb5bd52e8dc3bbc0a072ceda02255e8f9f4ea70

  • SHA256

    587011c1c797b633a7dc0a2658e00a597066236c57acb0ed48abd732c9408d2f

  • SHA512

    a16240153654064a65c32d17f9b8e6cb75924f37547b93b47a489aaa48a69a8c442947d1f559d1b9efc51a909f96f8e23a93f1bee721e6b2e7180dfcd938552f

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Modifies Installed Components in the registry

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2