netwire | 355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd | Triage

Submit
Reports

Overview

overview

Static

static

355e8fae96...fd.exe

windows7-x64

355e8fae96...fd.exe

windows10-2004-x64

Sharing

General

Target

355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd
Size

240KB
Sample

221127-qgz3aaea8s
MD5

aac40ed9847cebc3e3667dd84b4324b1
SHA1

faa429de43e7a0f7bbcf73c0903e0314b3acab98
SHA256

355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd
SHA512

46189017557fa73e2c56302d5c88cae52e0b21aaca2854b55fe3d95d4d77e06adb11647a8d41e1c166565f58dbaf94b1cda51ab9e946a8d3443fab477ec71d1b
SSDEEP

3072:OpivnKBxQblgstk18806BXxKyrl44pkTOYfgeJc/C/I0UAbZ2SxWbk+ySBb+:OpiyBxHWk1g+XS4wgLLaZ3WbKM

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd.exe

Resource

win7-20221111-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd.exe

Resource

win10v2004-20220901-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd
- Size
  
  240KB
- MD5
  
  aac40ed9847cebc3e3667dd84b4324b1
- SHA1
  
  faa429de43e7a0f7bbcf73c0903e0314b3acab98
- SHA256
  
  355e8fae9684a3af408da41f65406259f598dc267e34a3b819ca191c1040a7fd
- SHA512
  
  46189017557fa73e2c56302d5c88cae52e0b21aaca2854b55fe3d95d4d77e06adb11647a8d41e1c166565f58dbaf94b1cda51ab9e946a8d3443fab477ec71d1b
- SSDEEP
  
  3072:OpivnKBxQblgstk18806BXxKyrl44pkTOYfgeJc/C/I0UAbZ2SxWbk+ySBb+:OpiyBxHWk1g+XS4wgLLaZ3WbKM
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy