netwire | 5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23 | Triage

Submit
Reports

Overview

overview

Static

static

5ded082133...23.exe

windows7-x64

5ded082133...23.exe

windows10-2004-x64

Sharing

General

Target

5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
Size

374KB
Sample

220731-1v2hdaaaf7
MD5

9d5c47402efe9b9cfdf9e75d93d0f35f
SHA1

ed32b8730cffa1a3a6e27f5a5e6273d69c9f7ac5
SHA256

5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
SHA512

ab350091a7b2dd20bf91bfa241b54ac9f7d9668c53ddcfffabb2465817563de2f3ac8bb9ec3f33895636a6ef2108f748d19693ea325a80933b4ae9c902874fe2

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23.exe

Resource

win7-20220715-en

netwire botnet rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

fingers1.ddns.net:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
- Size
  
  374KB
- MD5
  
  9d5c47402efe9b9cfdf9e75d93d0f35f
- SHA1
  
  ed32b8730cffa1a3a6e27f5a5e6273d69c9f7ac5
- SHA256
  
  5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
- SHA512
  
  ab350091a7b2dd20bf91bfa241b54ac9f7d9668c53ddcfffabb2465817563de2f3ac8bb9ec3f33895636a6ef2108f748d19693ea325a80933b4ae9c902874fe2
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy