Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09103f6536c9315c4d1cfa28a4105a2e9bd06f5c432bb62dc5a2b1d0b5902fdd

  • Size

    160KB

  • Sample

    220802-v4kckahda9

  • MD5

    3564b2127c519a9e39b63f0e6994a3d1

  • SHA1

    158c22dea6eb92f518af7ea947e08521a904e3ad

  • SHA256

    09103f6536c9315c4d1cfa28a4105a2e9bd06f5c432bb62dc5a2b1d0b5902fdd

  • SHA512

    37bdd044469917c500a4d4cfc8b8280207198be956bb208efdac7a74dc3a49b97df237885ece8bf8d3e0c9642156c24285e9ed8fa27adad32adbde6613fc5029

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

37.0.14.206:3384

Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • offline_keylogger

    true

  • password

    Password234

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      09103f6536c9315c4d1cfa28a4105a2e9bd06f5c432bb62dc5a2b1d0b5902fdd

    • Size

      160KB

    • MD5

      3564b2127c519a9e39b63f0e6994a3d1

    • SHA1

      158c22dea6eb92f518af7ea947e08521a904e3ad

    • SHA256

      09103f6536c9315c4d1cfa28a4105a2e9bd06f5c432bb62dc5a2b1d0b5902fdd

    • SHA512

      37bdd044469917c500a4d4cfc8b8280207198be956bb208efdac7a74dc3a49b97df237885ece8bf8d3e0c9642156c24285e9ed8fa27adad32adbde6613fc5029

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks