netwire | d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb
Size

273KB
Sample

220802-v4gxfaaegj
MD5

b701f11ecf355febaa54d234d9b33529
SHA1

7e4284a948d832df348de41751a5e4a629f069b8
SHA256

d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb
SHA512

d9da904e7ee28e7d2977212e7b5eefb17f85c2d38029d4605b7c3b36167d0bf2699123041c11fd72a5791e0e21f53b01340963c9affb73ef9901b34c5f5089bb

Score

10^/10

netwire botnet rat spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb.exe

Resource

win10-20220414-en

netwire botnet spyware stealer upx

windows10-1703-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

ponchikvps.ddns.net:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb
- Size
  
  273KB
- MD5
  
  b701f11ecf355febaa54d234d9b33529
- SHA1
  
  7e4284a948d832df348de41751a5e4a629f069b8
- SHA256
  
  d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb
- SHA512
  
  d9da904e7ee28e7d2977212e7b5eefb17f85c2d38029d4605b7c3b36167d0bf2699123041c11fd72a5791e0e21f53b01340963c9affb73ef9901b34c5f5089bb
Score

10^/10

netwire botnet spyware stealer upx
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetspywarestealerupx

© 2018-2024

Terms | Privacy