netwire | 2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9 | Triage

Submit
Reports

Overview

overview

Static

static

2fa7453758...b9.exe

windows7-x64

2fa7453758...b9.exe

windows10-2004-x64

Sharing

General

Target

2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9
Size

924KB
Sample

221030-tngq3aadfl
MD5

880ca8b15d56cb742217ba3ce2f22b14
SHA1

8109d350ef22987756d142cfb39abe4e28573b0d
SHA256

2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9
SHA512

c5e287c92f575fcba2cf08121627690103f812fd3e92f65a0a2629f58645335e85e4ff51d4aa8e967e8e95615fa2f1541e1f4e38ec2b7d4d63245c9b12345f63
SSDEEP

12288:769WY6/b3qvL7si6BYdLl9Ir+Jsh9nGk3CL6d6T4AHW/UN28IGWCvXZGe:+L+3ALAi39z0DC06TDHW/UNHJn/n

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9
- Size
  
  924KB
- MD5
  
  880ca8b15d56cb742217ba3ce2f22b14
- SHA1
  
  8109d350ef22987756d142cfb39abe4e28573b0d
- SHA256
  
  2fa74537582a2a72b07847c6b16a61b70fec38038af88e8dbf57fbeddd8237b9
- SHA512
  
  c5e287c92f575fcba2cf08121627690103f812fd3e92f65a0a2629f58645335e85e4ff51d4aa8e967e8e95615fa2f1541e1f4e38ec2b7d4d63245c9b12345f63
- SSDEEP
  
  12288:769WY6/b3qvL7si6BYdLl9Ir+Jsh9nGk3CL6d6T4AHW/UN28IGWCvXZGe:+L+3ALAi39z0DC06TDHW/UNHJn/n
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy