netwire | b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a | Triage

Submit
Reports

Overview

overview

Static

static

b79dae4f63...4a.exe

windows7-x64

b79dae4f63...4a.exe

windows10-2004-x64

Sharing

General

Target

b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a
Size

156KB
Sample

221128-qdsh2aef27
MD5

c066281525814a0b9b70842dfba0a728
SHA1

0191c82db08d05a914cc6450206b92bf64270232
SHA256

b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a
SHA512

da77f2c75a4f277d15216a20578fe602be4492dde0b11bf788b3347b3d85d430b05a1a5cb85617da249fa3cb3306a4b778768c63c8cf1bd1081c89c0959a9ff9
SSDEEP

3072:oN++i8L367k7uY+5BaGNQVbls/k+HNwC4zRviN9K:ocC67lfOAQhMTHNws

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a.exe

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a
- Size
  
  156KB
- MD5
  
  c066281525814a0b9b70842dfba0a728
- SHA1
  
  0191c82db08d05a914cc6450206b92bf64270232
- SHA256
  
  b79dae4f637d5de6f2fbbf5792ee32722855966a72f0a5cf674a1f972da5af4a
- SHA512
  
  da77f2c75a4f277d15216a20578fe602be4492dde0b11bf788b3347b3d85d430b05a1a5cb85617da249fa3cb3306a4b778768c63c8cf1bd1081c89c0959a9ff9
- SSDEEP
  
  3072:oN++i8L367k7uY+5BaGNQVbls/k+HNwC4zRviN9K:ocC67lfOAQhMTHNws
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy