netwire | 37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e | Triage

Submit
Reports

Overview

overview

Static

static

37f300481c...0e.exe

windows7-x64

8

37f300481c...0e.exe

windows10-2004-x64

Sharing

General

Target

37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e
Size

679KB
Sample

221128-wy19kabb7v
MD5

6849594bb5bf5ef5c7dad7c530d6e9dc
SHA1

e067a1e42e718d561cd5a1d70b3cf7348e603947
SHA256

37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e
SHA512

9ed5ae5e3123c37ccb75631c63b056e5531589aee823052877c05d972e8962644c55651a5202d669eef47932413f3ae939b7f3c020a2d325644dc38ee4ded46d
SSDEEP

12288:mK2mhAMJ/cPl5SIFhjHfZqp38h7UZYE82Y5UKUL4n4y3Xp3SbSlNHNU:H2O/Gl5rdfR7g6zwm4m53Sb2rU

Score

10^/10

netwire botnet evasion persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e.exe

Resource

win10v2004-20220812-en

netwire botnet evasion persistence rat stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e
- Size
  
  679KB
- MD5
  
  6849594bb5bf5ef5c7dad7c530d6e9dc
- SHA1
  
  e067a1e42e718d561cd5a1d70b3cf7348e603947
- SHA256
  
  37f300481c85b382f84cbde9e53b84997659ab49a2d11b089ac3ecf18933db0e
- SHA512
  
  9ed5ae5e3123c37ccb75631c63b056e5531589aee823052877c05d972e8962644c55651a5202d669eef47932413f3ae939b7f3c020a2d325644dc38ee4ded46d
- SSDEEP
  
  12288:mK2mhAMJ/cPl5SIFhjHfZqp38h7UZYE82Y5UKUL4n4y3Xp3SbSlNHNU:H2O/Gl5rdfR7g6zwm4m53Sb2rU
Score

10^/10

evasion persistence trojan netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

netwirebotnetevasionpersistenceratstealertrojan

© 2018-2024

Terms | Privacy