netwire | 955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9 | Triage

Submit
Reports

Overview

overview

Static

static

955669cb66...d9.exe

windows7-x64

955669cb66...d9.exe

windows10-2004-x64

Sharing

General

Target

955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9
Size

176KB
Sample

221030-rzgt4afecm
MD5

9268508a09560d1b1a357ef733516b90
SHA1

9d0707e5d3a8c21b88eea5b1f931da6706560550
SHA256

955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9
SHA512

442c4c0b001cc1156294a5aad3346e084ed83e82fa08bff13e046f24c90e2ef0264cf73576399c16cff1e48f6ec6ca4a4a228e33d5539da51227fc08319b9833
SSDEEP

3072:s+Ny9+cjza5VAkkP/6ady9I7mcvho6UbquHBjH9zbd66:s+AUcPajFa6sy98vd6tO

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9.exe

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9
- Size
  
  176KB
- MD5
  
  9268508a09560d1b1a357ef733516b90
- SHA1
  
  9d0707e5d3a8c21b88eea5b1f931da6706560550
- SHA256
  
  955669cb66cbfba78d1291a18a8f7c077a7adcb13bf727f757a31b886385e6d9
- SHA512
  
  442c4c0b001cc1156294a5aad3346e084ed83e82fa08bff13e046f24c90e2ef0264cf73576399c16cff1e48f6ec6ca4a4a228e33d5539da51227fc08319b9833
- SSDEEP
  
  3072:s+Ny9+cjza5VAkkP/6ady9I7mcvho6UbquHBjH9zbd66:s+AUcPajFa6sy98vd6tO
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy