netwire | c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747 | Triage

Submit
Reports

Overview

overview

Static

static

1

c6315fa80f...47.exe

windows7-x64

c6315fa80f...47.exe

windows10-2004-x64

Sharing

General

Target

c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747
Size

83KB
Sample

221126-gbmqbseh37
MD5

6c26db6682e4d7b05aeba40410e7b320
SHA1

b429213dc46e07a268cde87c89ed90dfbf367b81
SHA256

c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747
SHA512

944a139f76f7ccfcee6667cc46f32a45bcd4d6ce187e43612f832696818ef2d32a663d2313182772181cf371940ba810c9aadaa5373335490fc14441c9aad97b
SSDEEP

1536:nwJOoN1oYaoZ5iV685XJPCVX0sXeoaPWBZHqzqrwBICISUdq2ZdRcaomhvCm:nwJ52Y7ZoH5XJaVEsuoaPWrHZhNSE1d/

Score

10^/10

netwire botnet persistence rat stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747.exe

Resource

win7-20221111-en

netwire botnet persistence rat stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747.exe

Resource

win10v2004-20220901-en

netwire botnet persistence rat stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747
- Size
  
  83KB
- MD5
  
  6c26db6682e4d7b05aeba40410e7b320
- SHA1
  
  b429213dc46e07a268cde87c89ed90dfbf367b81
- SHA256
  
  c6315fa80fa609d5f449ebd5c819d6cf0493d63b82d3e0305994572d66d6e747
- SHA512
  
  944a139f76f7ccfcee6667cc46f32a45bcd4d6ce187e43612f832696818ef2d32a663d2313182772181cf371940ba810c9aadaa5373335490fc14441c9aad97b
- SSDEEP
  
  1536:nwJOoN1oYaoZ5iV685XJPCVX0sXeoaPWBZHqzqrwBICISUdq2ZdRcaomhvCm:nwJ52Y7ZoH5XJaVEsuoaPWrHZhNSE1d/
Score

10^/10

netwire botnet persistence rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealerupx

behavioral2

netwirebotnetpersistenceratstealerupx

© 2018-2024

Terms | Privacy