netwire | 931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635 | Triage

Submit
Reports

Overview

overview

Static

static

931e2bb5a4...35.exe

windows7-x64

931e2bb5a4...35.exe

windows10-2004-x64

Sharing

General

Target

931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635
Size

127KB
Sample

220724-v8zm2sdahk
MD5

2749f4110e91606af5c649d9b20fb397
SHA1

3f4ce2d235c9af037871556a6d019ba1c3d206d1
SHA256

931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635
SHA512

b272282f970ea9073c1cec7f9f85c82e2060112b4123729b9f497891de8b7c60e350f3be9e3dd77ea10d79c1c06e415ee3e4ead50b2c8ad1a998508e5ee2dcef

Score

10^/10

netwire botnet rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635
- Size
  
  127KB
- MD5
  
  2749f4110e91606af5c649d9b20fb397
- SHA1
  
  3f4ce2d235c9af037871556a6d019ba1c3d206d1
- SHA256
  
  931e2bb5a492d45b28674a359c1bc94c891f018a42b98d0620e85c86d88ef635
- SHA512
  
  b272282f970ea9073c1cec7f9f85c82e2060112b4123729b9f497891de8b7c60e350f3be9e3dd77ea10d79c1c06e415ee3e4ead50b2c8ad1a998508e5ee2dcef
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy