netwire | a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9 | Triage

Submit
Reports

Overview

overview

Static

static

a40124b437...b9.exe

windows7-x64

a40124b437...b9.exe

windows10-2004-x64

Sharing

General

Target

a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9
Size

159KB
Sample

220731-lxrnmabgak
MD5

389eb42409ce5da14af2311a26a1e8cf
SHA1

0e2305cc75cf934521243b162b1b7f260407e0db
SHA256

a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9
SHA512

45a944f6d7974e406e119e5a73b956821ccf96fe4b999cf8a351105215d27491fcd1ec6489be065f8b04f69698b758ef1302dc62699613962cd5863b096ab382

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9
- Size
  
  159KB
- MD5
  
  389eb42409ce5da14af2311a26a1e8cf
- SHA1
  
  0e2305cc75cf934521243b162b1b7f260407e0db
- SHA256
  
  a40124b437f62aba90af59ec30355a9ab7b1dbadbf1c18e12394d053c3b7c7b9
- SHA512
  
  45a944f6d7974e406e119e5a73b956821ccf96fe4b999cf8a351105215d27491fcd1ec6489be065f8b04f69698b758ef1302dc62699613962cd5863b096ab382
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy