netwire | 849590a841b815d047cfdadf4f430a64b8b1ac03518a0e1f18923662e7f4563e | Triage

Submit
Reports

Overview

overview

Static

static

95b5d76bfb...a4.exe

windows7-x64

95b5d76bfb...a4.exe

windows10-2004-x64

Sharing

General

Target

95b5d76bfb2204011333248cc121b5a4.exe
Size

882KB
Sample

221001-jgd2gsffd4
MD5

95b5d76bfb2204011333248cc121b5a4
SHA1

6faea7983c34f12cec7d22184be0eb1693e0abaf
SHA256

849590a841b815d047cfdadf4f430a64b8b1ac03518a0e1f18923662e7f4563e
SHA512

966343713d2174f09e1f5aa4493eb79bfca3b6504ff18253449e7a153c8a249f4a52e9d0a7e7319817b284fbaa80dff94e034772cc32fb3635457cbb1f3fc152
SSDEEP

12288:eP9sJ2iNZrmsAJVSsuTEa0nKYVNp1X8bX+r9k3RADqjJ5n5OiU0rZIG41r5XiXoT:ePiJ1rasmLNaGKgNb8+rEjr5G

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

95b5d76bfb2204011333248cc121b5a4.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

95b5d76bfb2204011333248cc121b5a4.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

37.0.14.206:3384

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
true
offline_keylogger
true
password
Password234
registry_autorun
false
use_mutex
false

Targets

- Target
  
  95b5d76bfb2204011333248cc121b5a4.exe
- Size
  
  882KB
- MD5
  
  95b5d76bfb2204011333248cc121b5a4
- SHA1
  
  6faea7983c34f12cec7d22184be0eb1693e0abaf
- SHA256
  
  849590a841b815d047cfdadf4f430a64b8b1ac03518a0e1f18923662e7f4563e
- SHA512
  
  966343713d2174f09e1f5aa4493eb79bfca3b6504ff18253449e7a153c8a249f4a52e9d0a7e7319817b284fbaa80dff94e034772cc32fb3635457cbb1f3fc152
- SSDEEP
  
  12288:eP9sJ2iNZrmsAJVSsuTEa0nKYVNp1X8bX+r9k3RADqjJ5n5OiU0rZIG41r5XiXoT:ePiJ1rasmLNaGKgNb8+rEjr5G
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy