netwire | 8d30b1713bdbee571ed08365e29d34de1fd0d152a9d816a1e315d92b384f94e9 | Triage

Submit
Reports

Overview

overview

Static

static

Payment co...on.exe

windows7-x64

Payment co...on.exe

windows10-2004-x64

Sharing

General

Target

Payment confirmation.exe
Size

829KB
Sample

220801-n456pshbbn
MD5

ba419928d6a9ef178f04260d57f1df7e
SHA1

754c7e767823aa6b39db9266c3fbd6f466b942a8
SHA256

8d30b1713bdbee571ed08365e29d34de1fd0d152a9d816a1e315d92b384f94e9
SHA512

1a33cb673c9117b24e3699117d5de8a49e9e0c5c08a9b115edd4524e58e6a9b8c9f61672035147b7b3c726711c67f0ff902ce28a3fe2511db0d1aa3e4ad42f34

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Payment confirmation.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment confirmation.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.140.53.61:3363

185.140.53.61:3365

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
move4ward
registry_autorun
false
use_mutex
false

Targets

- Target
  
  Payment confirmation.exe
- Size
  
  829KB
- MD5
  
  ba419928d6a9ef178f04260d57f1df7e
- SHA1
  
  754c7e767823aa6b39db9266c3fbd6f466b942a8
- SHA256
  
  8d30b1713bdbee571ed08365e29d34de1fd0d152a9d816a1e315d92b384f94e9
- SHA512
  
  1a33cb673c9117b24e3699117d5de8a49e9e0c5c08a9b115edd4524e58e6a9b8c9f61672035147b7b3c726711c67f0ff902ce28a3fe2511db0d1aa3e4ad42f34
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy