netwire | 03f96159efede3e3105ed99ddcd73e232cb6ad16b64de0f10ac25b95f522edf2 | Triage

Submit
Reports

Overview

overview

Static

static

INV03483287732.exe

windows7-x64

INV03483287732.exe

windows10-2004-x64

Sharing

General

Target

d8b2c915d50c923faf1ca9d6b76fb9df
Size

909KB
Sample

220804-1df54sccdk
MD5

d8b2c915d50c923faf1ca9d6b76fb9df
SHA1

af76c28e956e89d28dfe3731f58cafceea632fb1
SHA256

03f96159efede3e3105ed99ddcd73e232cb6ad16b64de0f10ac25b95f522edf2
SHA512

8065928fdcd322d75294059d0bbb52a11dfc707a0c6923e7a3b25bd1d3a08147c9780b08152ae2fe316ff3a5d7fcbd94920604d8efed59154d3b2f7e40c6692e

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

INV03483287732.exe

Resource

win7-20220715-en

netwire botnet rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

INV03483287732.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

149.102.132.253:3399

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  INV03483287732.exe
- Size
  
  782KB
- MD5
  
  2fe9032113e6cad33dee260c180cf758
- SHA1
  
  db6b2f0bc2936400b3b1c8c118a77d0ba4e61c57
- SHA256
  
  171c720d3c447b5011c0de2a4669df9406bcf4ba7581c7e8582f4ad526bb43b2
- SHA512
  
  70245873ee8fca013357437af10bd6a2a34cf094bb46a34466b91743943ab3ea4b561100a6768bec684f1a0f30f0e4ed9b643b4f8728da69141df7e886f86cde
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy