netwire | 9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac | Triage

Submit
Reports

Overview

overview

Static

static

5

9deb011f2a...ac.exe

windows7-x64

9deb011f2a...ac.exe

windows10-2004-x64

Sharing

General

Target

9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
Size

806KB
Sample

221126-216vqafb61
MD5

aa8ac68af525eb1805fd80d36390524f
SHA1

fa2aec1760fe268813de00e4dbb2a6fb4f06e973
SHA256

9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
SHA512

ae7ecb9c33cfab7588aaf7af498a500c2d532febf257407abd95c6d88cfeb18b3e1cacf96e15d224a11c824e623e957fc381d36f5fdb96e3892f643cad8a5c41
SSDEEP

12288:zhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a0nRBMvJ2dHsabd:5RmJkcoQricOIQxiZY1ia0nRBMkdd

Score

10^/10

netwire botnet rat stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac.exe

Resource

win7-20220812-en

netwire botnet rat stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac.exe

Resource

win10v2004-20220901-en

netwire botnet rat stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
- Size
  
  806KB
- MD5
  
  aa8ac68af525eb1805fd80d36390524f
- SHA1
  
  fa2aec1760fe268813de00e4dbb2a6fb4f06e973
- SHA256
  
  9deb011f2a31263ebdb05daecd84d4362005cea1dfce65dc6f077b094f9435ac
- SHA512
  
  ae7ecb9c33cfab7588aaf7af498a500c2d532febf257407abd95c6d88cfeb18b3e1cacf96e15d224a11c824e623e957fc381d36f5fdb96e3892f643cad8a5c41
- SSDEEP
  
  12288:zhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a0nRBMvJ2dHsabd:5RmJkcoQricOIQxiZY1ia0nRBMkdd
Score

10^/10

netwire botnet rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealerupx

behavioral2

netwirebotnetratstealerupx

© 2018-2024

Terms | Privacy