netwire | c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c | Triage

Submit
Reports

Overview

overview

Static

static

c605def48c...7c.exe

windows7-x64

c605def48c...7c.exe

windows10-2004-x64

Sharing

General

Target

c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c
Size

91KB
Sample

221029-sdgsmscdcm
MD5

e59eb3c46870c8331d40464d1dcacc34
SHA1

41deeee3508275807476fbb72e4aa7b8263c9362
SHA256

c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c
SHA512

d0878707e5e6dd1b8e9cee3bc4c6b8bdc4b949dc6fa1f9a8755809af6e504e3983760bbe66b663d19c582347fdaa8fac0994e60bcdbcd0b3952535a53b8856e3
SSDEEP

1536:18l0sr8wujP2zmj0IextvIgi647CDkxN9uO+1eEm/S38zNyA3JuQQ/r:1k04LE2z8teTIgFniN9S1goONLA

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c.exe

Resource

win10v2004-20220901-en

netwire botnet rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c
- Size
  
  91KB
- MD5
  
  e59eb3c46870c8331d40464d1dcacc34
- SHA1
  
  41deeee3508275807476fbb72e4aa7b8263c9362
- SHA256
  
  c605def48c1260429f668b322e679c9cfffe303eb3a3ce1e7cdd48ff2328807c
- SHA512
  
  d0878707e5e6dd1b8e9cee3bc4c6b8bdc4b949dc6fa1f9a8755809af6e504e3983760bbe66b663d19c582347fdaa8fac0994e60bcdbcd0b3952535a53b8856e3
- SSDEEP
  
  1536:18l0sr8wujP2zmj0IextvIgi647CDkxN9uO+1eEm/S38zNyA3JuQQ/r:1k04LE2z8teTIgFniN9S1goONLA
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy