netwire | 1cc44e0f214cbf72c836dcbd1b1e67ad574bba62873f974432ee076072bf42cc | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...33.exe

windows7-x64

SecuriteIn...33.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Variant.Barys.51933.17281.33.exe
Size

791KB
Sample

221115-wrfdhsfb59
MD5

4ce9503e6cbbcc8ec8a8b3696986843f
SHA1

62f2a7cd9fc8b4acf6c442b246cbf34035f0b540
SHA256

1cc44e0f214cbf72c836dcbd1b1e67ad574bba62873f974432ee076072bf42cc
SHA512

f53743b7e2dd7eb88a99a01ca95ca12b4afe56892fa0fa28c3409b72cf15aedcc15c2f0966959399a2effd2b6d0b323f4ab61c66bc15ce30bec0093157127dbf
SSDEEP

12288:/B4XsRQQwHXOMYRIp7RNqW/1D8TkJhTUDT1+RngcpCYrNl:pQjHXO5RIp7R91+2h4DLICQl

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Variant.Barys.51933.17281.33.exe

Resource

win7-20220901-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Variant.Barys.51933.17281.33.exe

Resource

win10v2004-20221111-en

netwire botnet rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

79.134.225.121:2210

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
lock_executable
false
offline_keylogger
false
password
Elibee88
registry_autorun
false
use_mutex
false

Targets

- Target
  
  SecuriteInfo.com.Variant.Barys.51933.17281.33.exe
- Size
  
  791KB
- MD5
  
  4ce9503e6cbbcc8ec8a8b3696986843f
- SHA1
  
  62f2a7cd9fc8b4acf6c442b246cbf34035f0b540
- SHA256
  
  1cc44e0f214cbf72c836dcbd1b1e67ad574bba62873f974432ee076072bf42cc
- SHA512
  
  f53743b7e2dd7eb88a99a01ca95ca12b4afe56892fa0fa28c3409b72cf15aedcc15c2f0966959399a2effd2b6d0b323f4ab61c66bc15ce30bec0093157127dbf
- SSDEEP
  
  12288:/B4XsRQQwHXOMYRIp7RNqW/1D8TkJhTUDT1+RngcpCYrNl:pQjHXO5RIp7R91+2h4DLICQl
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy