netwire | fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53 | Triage

Submit
Reports

Overview

overview

Static

static

1

fc361bfc95...53.exe

windows7-x64

fc361bfc95...53.exe

windows10-2004-x64

Sharing

General

Target

fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53
Size

105KB
Sample

221126-jbbzyacb22
MD5

e11591310952d9c6eeeaf88ff19432b2
SHA1

71bd602670f33e1f0573c6bbd15ead0992e4973f
SHA256

fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53
SHA512

e8ff1f1766d49736549a5792a613f4e9776de534c2eca1e172de29af3a94a407d568020ece86e6f6d2381c47ea23b0e3e025e1a84f4a2c651c171fb240ec9b07
SSDEEP

3072:gM1BjoYNXoKDIJBXJPLW1D9DOgDqK2VRNbA/6A/d:gMMYNXqBBCN9DOgOK2VzbVA/d

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53.exe

Resource

win7-20221111-en

netwire botnet persistence rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53.exe

Resource

win10v2004-20220901-en

netwire botnet persistence rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53
- Size
  
  105KB
- MD5
  
  e11591310952d9c6eeeaf88ff19432b2
- SHA1
  
  71bd602670f33e1f0573c6bbd15ead0992e4973f
- SHA256
  
  fc361bfc9536f31350c99e5bffc007477e6ac9d1bc1fee3604c8fcae39153e53
- SHA512
  
  e8ff1f1766d49736549a5792a613f4e9776de534c2eca1e172de29af3a94a407d568020ece86e6f6d2381c47ea23b0e3e025e1a84f4a2c651c171fb240ec9b07
- SSDEEP
  
  3072:gM1BjoYNXoKDIJBXJPLW1D9DOgDqK2VRNbA/6A/d:gMMYNXqBBCN9DOgOK2VzbVA/d
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy