Extracted

• • Target

    bea60e5ba81781d9ce1b148dcd77412da965d93730bf8f2608c7b077f07e68ca

  • Size

    1.2MB

  • MD5

    1c1dc513c93df358bbfe566a37b32359

  • SHA1

    7281a9babd20a1a5a48ace5fdefa558603c55152

  • SHA256

    bea60e5ba81781d9ce1b148dcd77412da965d93730bf8f2608c7b077f07e68ca

  • SHA512

    fa2fc9eff890657501ea9c627dd107c17a5b077bd46369bf73cf74056b372baa2790dcad2461fc899f55e0e4445eceebd9d32cc06c7c393d97841ff77e369a0f

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2