netwire | 836da3a28305f322ad2b41ad8305ed67ac1f3fdbd5ee8ee214ab11498dcba0fa | Triage

Submit
Reports

Overview

overview

Static

static

Rechnung07...34.exe

windows7-x64

Rechnung07...34.exe

windows10-2004-x64

Sharing

General

Target

Rechnung07752469534.exe
Size

1.0MB
Sample

220808-g5gq6sggd3
MD5

541eebdb38c16afd2d7f8842391369ec
SHA1

45bb022b308b061813a3d6f83ddf7bb82ede98b8
SHA256

836da3a28305f322ad2b41ad8305ed67ac1f3fdbd5ee8ee214ab11498dcba0fa
SHA512

ed1a261a557dd1c0816270c139e1adbe2fdf17ee291a96c175104f94a4d1fd8b2485177eb6615a33bae3c905e5367848ba71390a3a0778a0e51d621ee74be7c2

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Rechnung07752469534.exe

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Rechnung07752469534.exe

Resource

win10v2004-20220721-en

netwire botnet rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

xman2.duckdns.org:4433

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  Rechnung07752469534.exe
- Size
  
  1.0MB
- MD5
  
  541eebdb38c16afd2d7f8842391369ec
- SHA1
  
  45bb022b308b061813a3d6f83ddf7bb82ede98b8
- SHA256
  
  836da3a28305f322ad2b41ad8305ed67ac1f3fdbd5ee8ee214ab11498dcba0fa
- SHA512
  
  ed1a261a557dd1c0816270c139e1adbe2fdf17ee291a96c175104f94a4d1fd8b2485177eb6615a33bae3c905e5367848ba71390a3a0778a0e51d621ee74be7c2
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy