netwire | 74cb2165665a7f5c4c42bb4cf20433469f8d3a05b46967658440324aa811a9d7 | Triage

Submit
Reports

Overview

overview

Static

static

INV9328787...87.exe

windows7-x64

INV9328787...87.exe

windows10-2004-x64

7

Sharing

General

Target

INV932878723873287.exe
Size

1.1MB
Sample

220727-ccph4ahbak
MD5

79d745dd588905fb5c97c1ca5c2fb258
SHA1

8aed10d9c0f3df87c9b7a453535fb7df758ab483
SHA256

74cb2165665a7f5c4c42bb4cf20433469f8d3a05b46967658440324aa811a9d7
SHA512

93ba30b15c00eb100c57a80a24d66782f49e731da504d2c240c897d202e41b99229a7aab334ca89f85b0fa6e6c47a4cea2459a3b65b4727ccece502b81c26572

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

INV932878723873287.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

INV932878723873287.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

149.102.132.253:3399

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  INV932878723873287.exe
- Size
  
  1.1MB
- MD5
  
  79d745dd588905fb5c97c1ca5c2fb258
- SHA1
  
  8aed10d9c0f3df87c9b7a453535fb7df758ab483
- SHA256
  
  74cb2165665a7f5c4c42bb4cf20433469f8d3a05b46967658440324aa811a9d7
- SHA512
  
  93ba30b15c00eb100c57a80a24d66782f49e731da504d2c240c897d202e41b99229a7aab334ca89f85b0fa6e6c47a4cea2459a3b65b4727ccece502b81c26572
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2024

Terms | Privacy