netwire | 7da61c80129d3f314db26cdd16e8f2d956c538170001af5394a9d5b5687d69ea | Triage

Submit
Reports

Overview

overview

Static

static

purchase order.xll

windows7-x64

purchase order.xll

windows10-2004-x64

1

Sharing

General

Target

purchase order.xll
Size

632KB
Sample

220811-g12ksadhf4
MD5

07b9b4746d7d71fe1a670380a197a48f
SHA1

902c5741347b1641280bd2670461391b46cfbafc
SHA256

7da61c80129d3f314db26cdd16e8f2d956c538170001af5394a9d5b5687d69ea
SHA512

03841fddcc314a1affe1ae2a5e7d486469d39f49c30fd62e21f443dddcd257a94f2c7b3b0dd0a49e44b2986beb3a6c88980299c8e0863f9d9a73d36f5a34a44b

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

purchase order.xll

Resource

win7-20220718-en

netwire botnet rat stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

purchase order.xll

Resource

win10v2004-20220722-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

netwire

C2

80.66.64.136:6671

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
kongking
registry_autorun
false
use_mutex
false

Targets

- Target
  
  purchase order.xll
- Size
  
  632KB
- MD5
  
  07b9b4746d7d71fe1a670380a197a48f
- SHA1
  
  902c5741347b1641280bd2670461391b46cfbafc
- SHA256
  
  7da61c80129d3f314db26cdd16e8f2d956c538170001af5394a9d5b5687d69ea
- SHA512
  
  03841fddcc314a1affe1ae2a5e7d486469d39f49c30fd62e21f443dddcd257a94f2c7b3b0dd0a49e44b2986beb3a6c88980299c8e0863f9d9a73d36f5a34a44b
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2024

Terms | Privacy