netwire | 6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef | Triage

Submit
Reports

Overview

overview

Static

static

6353f901cd...ef.exe

windows7-x64

6353f901cd...ef.exe

windows10-2004-x64

Sharing

General

Target

6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef
Size

162KB
Sample

221127-am5xqaag31
MD5

06c5e675a928af42a54ff44311a7da4d
SHA1

a0b444e5887b47cc62fa6adf38f7ff4f8cfb286e
SHA256

6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef
SHA512

356c8a98761ed6da6c8ca6bfcb00b506c30dca0e9576ef8d8ea5a2d67a5f96953dd0e5d7e5774895c19ef3636c1f39ff882175db80b4ab7f22e0710473040a4b
SSDEEP

3072:EOlM4WsbW2lvSs9qQyenKZgSAVsy4h/HMfPEXN7SXKcTFS+RRHlOHdflKb:NKgvSs9ndnpSZySM76cTk+/kFs

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef.exe

Resource

win7-20220901-en

netwire botnet rat stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef.exe

Resource

win10v2004-20220901-en

netwire botnet rat stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef
- Size
  
  162KB
- MD5
  
  06c5e675a928af42a54ff44311a7da4d
- SHA1
  
  a0b444e5887b47cc62fa6adf38f7ff4f8cfb286e
- SHA256
  
  6353f901cdb1a791ba9e510e4362ac7d0864de44a72c8e28df10b195395ce8ef
- SHA512
  
  356c8a98761ed6da6c8ca6bfcb00b506c30dca0e9576ef8d8ea5a2d67a5f96953dd0e5d7e5774895c19ef3636c1f39ff882175db80b4ab7f22e0710473040a4b
- SSDEEP
  
  3072:EOlM4WsbW2lvSs9qQyenKZgSAVsy4h/HMfPEXN7SXKcTFS+RRHlOHdflKb:NKgvSs9ndnpSZySM76cTk+/kFs
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy