netwire | ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b | Triage

Sharing

General

Target

ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b
Size

160KB
Sample

221123-xabvfaed26
MD5

5816d94bf51f3d6b6d8fa68809a05a57
SHA1

2f90c3c153bedd60af34e9748ddce2a67fe103e6
SHA256

ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b
SHA512

c6b0053037aaf062b5b862bea2b1a1f8d9eb9583ebf77727f7e9c7c821bd194db9adb21012186f5c46cb399bce10d23a7b53f866f51d2fe1c706ddbd02bdcd70
SSDEEP

3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvRdYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/fzQqqDvFf

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

alice2019.myftp.biz:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
Fs_Spread_0001
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b
- Size
  
  160KB
- MD5
  
  5816d94bf51f3d6b6d8fa68809a05a57
- SHA1
  
  2f90c3c153bedd60af34e9748ddce2a67fe103e6
- SHA256
  
  ec9e73dd34c006df5b695379fd2fefe4a98e3aafa505c03e4c8bff42272b515b
- SHA512
  
  c6b0053037aaf062b5b862bea2b1a1f8d9eb9583ebf77727f7e9c7c821bd194db9adb21012186f5c46cb399bce10d23a7b53f866f51d2fe1c706ddbd02bdcd70
- SSDEEP
  
  3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvRdYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/fzQqqDvFf
Score

10^/10

netwire botnet stealer
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetstealer