Overview

overview

10

Static

static

Order NO01...01.exe

windows7-x64

10

Order NO01...01.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order NO0199344401.exe

  • Size

    627KB

  • Sample

    220725-hcxscsahel

  • MD5

    d117ae838dd79cd03233a72d679a8bac

  • SHA1

    1e4bae77f84e868f6e306ae409e4a43cfd155a2b

  • SHA256

    a22f0ccaf502f542dae2af218319b9f14bae57849237142ea0f16bef196f4027

  • SHA512

    d22ba5fac4673feabb1ad9aee231f35b1ad4fc488221100cf4c2b6e1a96df57b49c2e2c60e9bfacae06c895d87ffc4e561cad85ee9fd557141582b1ee4cb4fda

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

loffgghh.duckdns.org:3300

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      Order NO0199344401.exe

    • Size

      627KB

    • MD5

      d117ae838dd79cd03233a72d679a8bac

    • SHA1

      1e4bae77f84e868f6e306ae409e4a43cfd155a2b

    • SHA256

      a22f0ccaf502f542dae2af218319b9f14bae57849237142ea0f16bef196f4027

    • SHA512

      d22ba5fac4673feabb1ad9aee231f35b1ad4fc488221100cf4c2b6e1a96df57b49c2e2c60e9bfacae06c895d87ffc4e561cad85ee9fd557141582b1ee4cb4fda

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks