netwire | f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721 | Triage

Submit
Reports

Overview

overview

Static

static

f13046a537...21.exe

windows7-x64

f13046a537...21.exe

windows10-2004-x64

4

Sharing

General

Target

f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721
Size

240KB
Sample

221020-xypffabag9
MD5

a07fb2ef06380c32ba1c916092576f71
SHA1

3204163ac87633c3dd18e4c6168eecf5014c408e
SHA256

f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721
SHA512

1448295c1775590ecf9c096646e28f91f60b68f098b1f8ffdb40bd8d98b6b50363b1ebcac2fe25217e604e232eda2e9d4b6e4795b141f46008b7d7c14814193f
SSDEEP

3072:CvS8k/Mbsig+Y/zhUGT3PsWJHduQ/HBeCLCXWO7PlSSIyengTNc7WQY3lDQSV54x:fjz1PsguEfCXp7PASDTNcaQilDRv

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721
- Size
  
  240KB
- MD5
  
  a07fb2ef06380c32ba1c916092576f71
- SHA1
  
  3204163ac87633c3dd18e4c6168eecf5014c408e
- SHA256
  
  f13046a5373d4862bd6968c2ddbc5776075e2e6d39de1f7b319c9bb2bf125721
- SHA512
  
  1448295c1775590ecf9c096646e28f91f60b68f098b1f8ffdb40bd8d98b6b50363b1ebcac2fe25217e604e232eda2e9d4b6e4795b141f46008b7d7c14814193f
- SSDEEP
  
  3072:CvS8k/Mbsig+Y/zhUGT3PsWJHduQ/HBeCLCXWO7PlSSIyengTNc7WQY3lDQSV54x:fjz1PsguEfCXp7PASDTNcaQilDRv
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

© 2018-2024

Terms | Privacy