netwire | 9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd | Triage

Submit
Reports

Overview

overview

Static

static

9a10caf267...bd.exe

windows7-x64

9a10caf267...bd.exe

windows10-2004-x64

5

Sharing

General

Target

9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd
Size

103KB
Sample

221125-h7528aec4t
MD5

bc88e247a019a8e7511643fe7c7f4556
SHA1

759ccedba0508f0db7bf66500d6fbd8f72e7daab
SHA256

9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd
SHA512

160e5eb1aeb0ef87898a05ef444440efed8ac0d7e74bdc722e2d983e9b1b1afcdd25950cbfda1ac730d121c0b158b83115c039acdf438dcd0259fb43fb1f4611
SSDEEP

3072:lta0RnzfhaC9+Ofplzc1Xn0sOISVu1RERK/hs:rFF9NvcRnyISoiRi

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd.exe

Resource

win7-20221111-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd
- Size
  
  103KB
- MD5
  
  bc88e247a019a8e7511643fe7c7f4556
- SHA1
  
  759ccedba0508f0db7bf66500d6fbd8f72e7daab
- SHA256
  
  9a10caf26716950274b4067ec83260082056f0f56aadab34343c33c43cbceebd
- SHA512
  
  160e5eb1aeb0ef87898a05ef444440efed8ac0d7e74bdc722e2d983e9b1b1afcdd25950cbfda1ac730d121c0b158b83115c039acdf438dcd0259fb43fb1f4611
- SSDEEP
  
  3072:lta0RnzfhaC9+Ofplzc1Xn0sOISVu1RERK/hs:rFF9NvcRnyISoiRi
Score

10^/10

netwire botnet persistence rat stealer
- Modifies WinLogon for persistence
  persistence
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

© 2018-2024

Terms | Privacy