netwire | 221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9 | Triage

Submit
Reports

Overview

overview

Static

static

221dad5e31...b9.exe

windows7-x64

221dad5e31...b9.exe

windows10-2004-x64

Sharing

General

Target

221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
Size

136KB
Sample

221120-mhax1acg71
MD5

06cf9a05d777a08ecc04c8502fbbac30
SHA1

ba53dd1b24d82e372ca2ce198d13011795d15587
SHA256

221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
SHA512

4152b61e4688f9cffef6f01e4a420f630d93f900ea7131682c5ceadfbfc3bc363953e010925ccfa5c5a96ab50b3fc8bc9c54b981c2e6cfa8ebc242773cd2d013
SSDEEP

3072:tq/+4f56wDQlPGWm5vGIdupbixJobw5NIZ66LQ:tq//QlPGWAeIdupmxJoF66L

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9.exe

Resource

win10v2004-20221111-en

netwire botnet persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
- Size
  
  136KB
- MD5
  
  06cf9a05d777a08ecc04c8502fbbac30
- SHA1
  
  ba53dd1b24d82e372ca2ce198d13011795d15587
- SHA256
  
  221dad5e31cb4eb08c988678f1f87d01dba59dcd8b50f2aa44251886689473b9
- SHA512
  
  4152b61e4688f9cffef6f01e4a420f630d93f900ea7131682c5ceadfbfc3bc363953e010925ccfa5c5a96ab50b3fc8bc9c54b981c2e6cfa8ebc242773cd2d013
- SSDEEP
  
  3072:tq/+4f56wDQlPGWm5vGIdupbixJobw5NIZ66LQ:tq//QlPGWAeIdupmxJoF66L
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy