netwire | d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5 | Triage

Submit
Reports

Overview

overview

Static

static

d8fbfcf1ca...e5.exe

windows7-x64

d8fbfcf1ca...e5.exe

windows10-2004-x64

Sharing

General

Target

d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5
Size

353KB
Sample

221030-n4c5xsafbn
MD5

a3a4b92718aca379bc2f2c71ea58f4a0
SHA1

d709dbd0da3ea6246714f71f5042e03417313226
SHA256

d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5
SHA512

ba2d9cd78ea8372f3055e6f6c6d2b24ca5a8a0ec147c8674c60ae9cd4aa69ae11c4cea9e9a0dbd71c8863b6790b213b114193808fcbcad4c1f3d3f154fd7be03
SSDEEP

6144:JyWVJcspMJ30/hzgGjYZaEScP5mlbNEu8I4QrF2BArV1BZI5itH+s49aJ1qMFy:xpCCh8GcZaESW8lhzbiq1ac1+sDJ1qMw

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5.exe

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5
- Size
  
  353KB
- MD5
  
  a3a4b92718aca379bc2f2c71ea58f4a0
- SHA1
  
  d709dbd0da3ea6246714f71f5042e03417313226
- SHA256
  
  d8fbfcf1ca07bab35863380101b13af249de3f4e3ffbf7dfa3492b777134a5e5
- SHA512
  
  ba2d9cd78ea8372f3055e6f6c6d2b24ca5a8a0ec147c8674c60ae9cd4aa69ae11c4cea9e9a0dbd71c8863b6790b213b114193808fcbcad4c1f3d3f154fd7be03
- SSDEEP
  
  6144:JyWVJcspMJ30/hzgGjYZaEScP5mlbNEu8I4QrF2BArV1BZI5itH+s49aJ1qMFy:xpCCh8GcZaESW8lhzbiq1ac1+sDJ1qMw
Score

10^/10

netwire botnet persistence rat stealer
- Modifies WinLogon for persistence
  persistence
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy