Overview

overview

10

Static

static

5725b136e0...5c.exe

windows7-x64

10

5725b136e0...5c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5725b136e0831c23a4c3a7394ff74ad7dd627205d006b65659ea0ba56af43e5c

  • Size

    216KB

  • Sample

    220725-axbfvsfcg7

  • MD5

    4c0d71906fa0cf0bda68d486000044e4

  • SHA1

    fa991f76283138530a5a7bcb7b4e7dedd9e7e567

  • SHA256

    5725b136e0831c23a4c3a7394ff74ad7dd627205d006b65659ea0ba56af43e5c

  • SHA512

    f636adb457276398158006956b27dd4cb742a01c04a511f685cca04bef61444662c9362ceee052f8676b00f0042fdf0f1b9b5f5891085d4ae1c15f47c6f19e4c

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

auth.dynns.com:1212

auth.myddns.me:1111
Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    true

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      5725b136e0831c23a4c3a7394ff74ad7dd627205d006b65659ea0ba56af43e5c

    • Size

      216KB

    • MD5

      4c0d71906fa0cf0bda68d486000044e4

    • SHA1

      fa991f76283138530a5a7bcb7b4e7dedd9e7e567

    • SHA256

      5725b136e0831c23a4c3a7394ff74ad7dd627205d006b65659ea0ba56af43e5c

    • SHA512

      f636adb457276398158006956b27dd4cb742a01c04a511f685cca04bef61444662c9362ceee052f8676b00f0042fdf0f1b9b5f5891085d4ae1c15f47c6f19e4c

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks