netwire | 113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd | Triage

Submit
Reports

Overview

overview

Static

static

8

113a9858a8...dd.exe

windows7-x64

113a9858a8...dd.exe

windows10-2004-x64

Sharing

General

Target

113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
Size

713KB
Sample

221127-bgcveshd25
MD5

39d11206603326d942b3bd878318181f
SHA1

dc1c0c74744f9b0dfd40a2e66184df9262cea943
SHA256

113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
SHA512

1d7b395d1dfedb360a561d5e73c936e12e5ceb910ea6957830c8713e4958eff4c03661b20f8759a9a58a1431da3f6f6965e42b5d46386999aaebe960d7734160
SSDEEP

12288:a6Wq4aaE6KwyF5L0Y2D1PqLiUcmdYyFPvvi6RSuRn16cUJn:4thEVaPqLzdYuHjRxRMLn

Score

10^/10

netwire botnet rat stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd.exe

Resource

win7-20220901-en

netwire botnet rat stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
- Size
  
  713KB
- MD5
  
  39d11206603326d942b3bd878318181f
- SHA1
  
  dc1c0c74744f9b0dfd40a2e66184df9262cea943
- SHA256
  
  113a9858a84b3fe5c8df8ee0907c282df2aef55710e2359e2f7564a3472068dd
- SHA512
  
  1d7b395d1dfedb360a561d5e73c936e12e5ceb910ea6957830c8713e4958eff4c03661b20f8759a9a58a1431da3f6f6965e42b5d46386999aaebe960d7734160
- SSDEEP
  
  12288:a6Wq4aaE6KwyF5L0Y2D1PqLiUcmdYyFPvvi6RSuRn16cUJn:4thEVaPqLzdYuHjRxRMLn
Score

10^/10

netwire botnet rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealerupx

behavioral2

netwirebotnetratstealerupx

© 2018-2024

Terms | Privacy