netwire | ff2e6769db544063dcdcae55887971681a32e21c7a468eae2375971d5c5ee36c | Triage

Submit
Reports

Overview

overview

Static

static

Boat Payment _PDF .js

windows7-x64

Boat Payment _PDF .js

windows10-2004-x64

Sharing

General

Target

Boat Payment _PDF .js
Size

413KB
Sample

220919-t9dxaschcr
MD5

440e7b02be54dea36dc1e4d3c74d6588
SHA1

27c1511dda1e07dc181b99a270d70694b24aa12e
SHA256

ff2e6769db544063dcdcae55887971681a32e21c7a468eae2375971d5c5ee36c
SHA512

8986f8dcc2daa88e8c78973f767aa98be7ecf3457f4d9c8e3cedb69aee831b5c0a3cb5ce54067a1ebe72ce8ec9d1f9da90694abb74089cd954deebcee4eccbe2
SSDEEP

6144:C1YSEPt0WHnHp0I2hHo9KUusuNv1p0Y8JLHFjnaW2x5t4SxZY:C1YSpWHKI9Kcwv1p+JLHFzaWeHbY

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Boat Payment _PDF .js

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Boat Payment _PDF .js

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Boat Payment _PDF .js
- Size
  
  413KB
- MD5
  
  440e7b02be54dea36dc1e4d3c74d6588
- SHA1
  
  27c1511dda1e07dc181b99a270d70694b24aa12e
- SHA256
  
  ff2e6769db544063dcdcae55887971681a32e21c7a468eae2375971d5c5ee36c
- SHA512
  
  8986f8dcc2daa88e8c78973f767aa98be7ecf3457f4d9c8e3cedb69aee831b5c0a3cb5ce54067a1ebe72ce8ec9d1f9da90694abb74089cd954deebcee4eccbe2
- SSDEEP
  
  6144:C1YSEPt0WHnHp0I2hHo9KUusuNv1p0Y8JLHFjnaW2x5t4SxZY:C1YSpWHKI9Kcwv1p+JLHFzaWeHbY
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy