netwire | 3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa | Triage

Submit
Reports

Overview

overview

Static

static

3a4eefa976...fa.exe

windows7-x64

3a4eefa976...fa.exe

windows10-2004-x64

Sharing

General

Target

3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa
Size

164KB
Sample

221127-y2bjesba6v
MD5

710b2f2fb3898204ad45b9851e5d12d3
SHA1

d6978ce690d30011493eba3208b2cba46e4721c2
SHA256

3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa
SHA512

1e77950b48cd166a6f9536df6b0e46b2e39f4590bf1bc0b1fd8af7cc9c372a91a01aa6e41673a39946d8aec24d93db00a25a278fb726c6314aba9b18d4c6f940
SSDEEP

3072:pZUfHqXNtYNd0dtksxvm1Q5LXfWn20lbtDaCPKGdAsUg:pZUfHytYY2s4Q5L4ZDj3

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa.exe

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa
- Size
  
  164KB
- MD5
  
  710b2f2fb3898204ad45b9851e5d12d3
- SHA1
  
  d6978ce690d30011493eba3208b2cba46e4721c2
- SHA256
  
  3a4eefa976a8911003a83508aa348c63ff7be87c4c7a90445542af8a140c78fa
- SHA512
  
  1e77950b48cd166a6f9536df6b0e46b2e39f4590bf1bc0b1fd8af7cc9c372a91a01aa6e41673a39946d8aec24d93db00a25a278fb726c6314aba9b18d4c6f940
- SSDEEP
  
  3072:pZUfHqXNtYNd0dtksxvm1Q5LXfWn20lbtDaCPKGdAsUg:pZUfHytYY2s4Q5L4ZDj3
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy