General

  • Target

    edcaf3b7b21472db3298efbc3a0ef368222edb905fb7d4019ae59d9a81819834

  • Size

    1.2MB

  • Sample

    220725-ag1e2sefd4

  • MD5

    563d570e33d53b6183dbb49b0e3b88a5

  • SHA1

    efb849a172878d92b44e0c7d5afbe68c10a2406d

  • SHA256

    edcaf3b7b21472db3298efbc3a0ef368222edb905fb7d4019ae59d9a81819834

  • SHA512

    5454c4cc3a5baa8b2e07dc08f285659e723ffb6df8865217d3d774a9dd73fb38145edaa6b60788cab27f9a847d03fa42bc1b5ee75e4e01e5fe85a91bf5c376a9

Malware Config

Extracted

Family

netwire

C2

79.134.225.73:1968

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    pd1n9

  • lock_executable

    false

  • mutex

    KHAtGUwc

  • offline_keylogger

    false

  • password

    Kimbolsapoq!P13

  • registry_autorun

    false

  • use_mutex

    true

Targets

    • Target

      edcaf3b7b21472db3298efbc3a0ef368222edb905fb7d4019ae59d9a81819834

    • Size

      1.2MB

    • MD5

      563d570e33d53b6183dbb49b0e3b88a5

    • SHA1

      efb849a172878d92b44e0c7d5afbe68c10a2406d

    • SHA256

      edcaf3b7b21472db3298efbc3a0ef368222edb905fb7d4019ae59d9a81819834

    • SHA512

      5454c4cc3a5baa8b2e07dc08f285659e723ffb6df8865217d3d774a9dd73fb38145edaa6b60788cab27f9a847d03fa42bc1b5ee75e4e01e5fe85a91bf5c376a9

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote-control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks