netwire | 98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd | Triage

Submit
Reports

Overview

overview

Static

static

5

98b0ceb542...fd.exe

windows7-x64

98b0ceb542...fd.exe

windows10-2004-x64

Sharing

General

Target

98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd
Size

932KB
Sample

221127-v5tbvsae2z
MD5

5bdbd0d69c232c6aa19fed358cb1df55
SHA1

049c2fa22106d59d2c7ecfab81590f184dc8c7e2
SHA256

98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd
SHA512

9da915e5369f731f62b16a9d1b63592faf024e250c32be0aa07b45e3a1a1abd0e5bb9ee9825f67dfa2d10326be99cdfa2a9f1cd505fa964bcd7732d16e3dcabc
SSDEEP

12288:Qtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga+lJ1JJ6A:Qtb20pkaCqT5TBWgNQ7aIFJ6A

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd.exe

Resource

win7-20221111-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd.exe

Resource

win10v2004-20220901-en

netwire botnet rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd
- Size
  
  932KB
- MD5
  
  5bdbd0d69c232c6aa19fed358cb1df55
- SHA1
  
  049c2fa22106d59d2c7ecfab81590f184dc8c7e2
- SHA256
  
  98b0ceb542b0c198d9cbafc46bf7d0c7f8b4b0a418a4bb8b336787d54c7b34fd
- SHA512
  
  9da915e5369f731f62b16a9d1b63592faf024e250c32be0aa07b45e3a1a1abd0e5bb9ee9825f67dfa2d10326be99cdfa2a9f1cd505fa964bcd7732d16e3dcabc
- SSDEEP
  
  12288:Qtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga+lJ1JJ6A:Qtb20pkaCqT5TBWgNQ7aIFJ6A
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy