netwire | bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f | Triage

Submit
Reports

Overview

overview

Static

static

bbb8f32686...2f.exe

windows7-x64

bbb8f32686...2f.exe

windows10-2004-x64

1

Sharing

General

Target

bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f
Size

1009KB
Sample

221029-f7br9sdear
MD5

e0cb5d5d7185aedd6296cf6e9b24bb29
SHA1

07c6d5f0719382324c7f8eaa0b85ac41b6c7bbb8
SHA256

bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f
SHA512

0d26d66c1d62a3d8049c0fe89ba0e81bae40bf36f44515e0ffe166452b117ad4cbe1c1f3827eb6b87e00ed0165f11e1f472034a8ae0e092ddb7f382f61a153ca
SSDEEP

24576:48GzoEgINYDQ1ne69fgPR5wq8YDw9sr8E9lcqWUIHn4QdEtJYv2T8aHEzcBU0kmM:SwQJfURqq8YDw9sr8E9lcqWUIHn4QdEG

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f.exe

Resource

win7-20220901-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f
- Size
  
  1009KB
- MD5
  
  e0cb5d5d7185aedd6296cf6e9b24bb29
- SHA1
  
  07c6d5f0719382324c7f8eaa0b85ac41b6c7bbb8
- SHA256
  
  bbb8f32686aeef229eb473b37891091b254eecae3eaff2b12624121f29e5332f
- SHA512
  
  0d26d66c1d62a3d8049c0fe89ba0e81bae40bf36f44515e0ffe166452b117ad4cbe1c1f3827eb6b87e00ed0165f11e1f472034a8ae0e092ddb7f382f61a153ca
- SSDEEP
  
  24576:48GzoEgINYDQ1ne69fgPR5wq8YDw9sr8E9lcqWUIHn4QdEtJYv2T8aHEzcBU0kmM:SwQJfURqq8YDw9sr8E9lcqWUIHn4QdEG
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

© 2018-2024

Terms | Privacy