netwire | e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9 | Triage

Submit
Reports

Overview

overview

Static

static

e4497e65a7...f9.exe

windows7-x64

e4497e65a7...f9.exe

windows10-2004-x64

Sharing

General

Target

e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9
Size

584KB
Sample

220731-hbtdjsdgbk
MD5

8aea8fc8826fe38a4f4122b7fb50b13b
SHA1

7b38e56acf0b18425e864174331a98cb99846fc4
SHA256

e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9
SHA512

ff390e8d79c94264789262d2bfb4ac7899a87c2e7b5a299268b4a88ad3ba01d916a33f06b32f0893d0beb92bbdb626a6f5e827a8ae02cc316152118e4a996cac

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9.exe

Resource

win7-20220715-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

10.99.94.6:9008

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9
- Size
  
  584KB
- MD5
  
  8aea8fc8826fe38a4f4122b7fb50b13b
- SHA1
  
  7b38e56acf0b18425e864174331a98cb99846fc4
- SHA256
  
  e4497e65a70f5b67e047a77edcd9e5b4b422db8849e502f2e6515c13bb512ef9
- SHA512
  
  ff390e8d79c94264789262d2bfb4ac7899a87c2e7b5a299268b4a88ad3ba01d916a33f06b32f0893d0beb92bbdb626a6f5e827a8ae02cc316152118e4a996cac
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy