netwire | d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5 | Triage

Submit
Reports

Overview

overview

Static

static

d9bcd56ce0...f5.exe

windows7-x64

d9bcd56ce0...f5.exe

windows10-2004-x64

Sharing

General

Target

d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5
Size

603KB
Sample

220724-y6y6aafdgl
MD5

753057142054aef9667cff7e3f77694f
SHA1

36e5afab719c91c320b50a1aded97b9af55c8b6a
SHA256

d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5
SHA512

f9bedd1ec2bc3a506938a5719d5342261922ebb9b94fa7e1f1581f0c076effbb8dcf7a807157c38196ba859644fb3ac1e492811a45fe0c6550161dffe80d51ec

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5
- Size
  
  603KB
- MD5
  
  753057142054aef9667cff7e3f77694f
- SHA1
  
  36e5afab719c91c320b50a1aded97b9af55c8b6a
- SHA256
  
  d9bcd56ce04acd7f386b7b9bcd9d1b23903e0a531f4cb9f85c968fc35d5f12f5
- SHA512
  
  f9bedd1ec2bc3a506938a5719d5342261922ebb9b94fa7e1f1581f0c076effbb8dcf7a807157c38196ba859644fb3ac1e492811a45fe0c6550161dffe80d51ec
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy