netwire | 883a1fb015a99ca444237d8d48187d9cca44ed7daa3dfe0c21836fb207047c7a | Triage

Submit
Reports

Overview

overview

Static

static

Quote_PDF.js

windows7-x64

Quote_PDF.js

windows10-2004-x64

Sharing

General

Target

Quote_PDF.js
Size

417KB
Sample

220919-t9dxaschcq
MD5

10ea52784165e94c2b8d62029f47fc2f
SHA1

9f3d0e42cbe82beeb4a467b78d612ce89fddfa41
SHA256

883a1fb015a99ca444237d8d48187d9cca44ed7daa3dfe0c21836fb207047c7a
SHA512

6f9e9f4136fedf90bd836abaf2cf51c67b822509f01b9d8a19fabcd327a190324e25ece949f4c5a2408648b2214c1a5ee3f0a6e98d4b14f405f6d29d97b096f5
SSDEEP

6144:hN8ML4yxnebd6j+IjhS6EzYYosOquA4nfuqQiWYl69Sjrh54:nL40yIjNQYYoWuA4nWqQK6ut54

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Quote_PDF.js

Resource

win7-20220901-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quote_PDF.js

Resource

win10v2004-20220901-en

netwire botnet persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Quote_PDF.js
- Size
  
  417KB
- MD5
  
  10ea52784165e94c2b8d62029f47fc2f
- SHA1
  
  9f3d0e42cbe82beeb4a467b78d612ce89fddfa41
- SHA256
  
  883a1fb015a99ca444237d8d48187d9cca44ed7daa3dfe0c21836fb207047c7a
- SHA512
  
  6f9e9f4136fedf90bd836abaf2cf51c67b822509f01b9d8a19fabcd327a190324e25ece949f4c5a2408648b2214c1a5ee3f0a6e98d4b14f405f6d29d97b096f5
- SSDEEP
  
  6144:hN8ML4yxnebd6j+IjhS6EzYYosOquA4nfuqQiWYl69Sjrh54:nL40yIjNQYYoWuA4nWqQK6ut54
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy