netwire | 738a8ea86d2e8a24daf04932f5c0ac32c7878e9a6db8549f0cd1e75fe708c941 | Triage

Submit
Reports

Overview

overview

Static

static

badf1a99a0...85.exe

windows7-x64

badf1a99a0...85.exe

windows10-2004-x64

Resubmissions

06-09-2022 05:56

220906-gnbhtsgaa4 10

05-09-2022 05:07

220905-fsaawsbdfp 10

Sharing

General

Target

badf1a99a053035a6ed6543ec7486585
Size

1.8MB
Sample

220906-gnbhtsgaa4
MD5

badf1a99a053035a6ed6543ec7486585
SHA1

8b00a48974353b78e1c8755120c6069e7c2e6978
SHA256

738a8ea86d2e8a24daf04932f5c0ac32c7878e9a6db8549f0cd1e75fe708c941
SHA512

9d9f2889e97ff7ef1d38dc8b14b93017588dd6d4f88d8f31d112efea05656802f14c9a6df47f1cb527cb44e1a8162596c6609f75d630cebf215765ecafd13f69
SSDEEP

24576:RIel6SbNWql25cK7+15umdL/oNI9cccCqA4zkCi05YhBYAwRTT3pP7uqxYpIkYRi:RI26DY6STZQIJQAl2nup

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

badf1a99a053035a6ed6543ec7486585.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

badf1a99a053035a6ed6543ec7486585.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

jekkd.com:8080

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  badf1a99a053035a6ed6543ec7486585
- Size
  
  1.8MB
- MD5
  
  badf1a99a053035a6ed6543ec7486585
- SHA1
  
  8b00a48974353b78e1c8755120c6069e7c2e6978
- SHA256
  
  738a8ea86d2e8a24daf04932f5c0ac32c7878e9a6db8549f0cd1e75fe708c941
- SHA512
  
  9d9f2889e97ff7ef1d38dc8b14b93017588dd6d4f88d8f31d112efea05656802f14c9a6df47f1cb527cb44e1a8162596c6609f75d630cebf215765ecafd13f69
- SSDEEP
  
  24576:RIel6SbNWql25cK7+15umdL/oNI9cccCqA4zkCi05YhBYAwRTT3pP7uqxYpIkYRi:RI26DY6STZQIJQAl2nup
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy