netwire | d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9 | Triage

Submit
Reports

Overview

overview

Static

static

d3bd8aa9d2...c9.exe

windows7-x64

d3bd8aa9d2...c9.exe

windows10-2004-x64

8

Sharing

General

Target

d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
Size

913KB
Sample

221127-splkzabg6s
MD5

67de448a65e1e16d4a1d6f5a65b4c61a
SHA1

ab7166a256aad0180e46e88d2169b4cadaf1ebf4
SHA256

d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
SHA512

47f477732c88f3e7f99273c4dbd563dfd288be342af08bbca60e1020e65b4d32199b85bf6a15cbe93f6e4e0e47d42915b1a42b5e2ed5193aaf30d888e38cc29e
SSDEEP

12288:yK2mhAMJ/cPltTiD8/HBP7v8h7UZYE82Y5UKUL4n4y3Xp3SbSl/ADUnr:z2O/GltWD8fBPA7g6zwm4m53Sb2YDUnr

Score

10^/10

netwire botnet evasion persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9.exe

Resource

win7-20220901-en

netwire botnet evasion persistence rat stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9.exe

Resource

win10v2004-20221111-en

evasion persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
- Size
  
  913KB
- MD5
  
  67de448a65e1e16d4a1d6f5a65b4c61a
- SHA1
  
  ab7166a256aad0180e46e88d2169b4cadaf1ebf4
- SHA256
  
  d3bd8aa9d23c6f86b88662ba478209a3d54d0aea368eeffd4af95fee851e3bc9
- SHA512
  
  47f477732c88f3e7f99273c4dbd563dfd288be342af08bbca60e1020e65b4d32199b85bf6a15cbe93f6e4e0e47d42915b1a42b5e2ed5193aaf30d888e38cc29e
- SSDEEP
  
  12288:yK2mhAMJ/cPltTiD8/HBP7v8h7UZYE82Y5UKUL4n4y3Xp3SbSl/ADUnr:z2O/GltWD8fBPA7g6zwm4m53Sb2YDUnr
Score

10^/10

netwire botnet evasion persistence rat stealer trojan
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetevasionpersistenceratstealertrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy