netwire | 92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483 | Triage

Submit
Reports

Overview

overview

Static

static

92d0eafce5...83.exe

windows7-x64

92d0eafce5...83.exe

windows10-2004-x64

Sharing

General

Target

92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483
Size

191KB
Sample

221128-xj62yach5t
MD5

67e25aa6b3a942b2f4144ce74bac4e2b
SHA1

61e00bef097560d655002ce2e86ece31ac2a9ea6
SHA256

92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483
SHA512

f008972bc1957bb4624bd696095aea7e5f4041fbffe6d24bee7fde6eaa1156d7f948464b195735190a928297375ea4760f382988a4d851460e850389ceba1c1b
SSDEEP

3072:ucmp+C7JOGRbQR0aTZfHsz6mZT/6xEGkuGqS8KgfAeFTcVS7dtUSTSeD:hmD7J1JQRZfw1/6ny4Kgf5FTcVQXvGe

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483.exe

Resource

win7-20220812-en

netwire botnet persistence rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483.exe

Resource

win10v2004-20220812-en

netwire botnet persistence rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483
- Size
  
  191KB
- MD5
  
  67e25aa6b3a942b2f4144ce74bac4e2b
- SHA1
  
  61e00bef097560d655002ce2e86ece31ac2a9ea6
- SHA256
  
  92d0eafce57fdc73606c772b71a99a0c49358d5131d28c2a8af92a8822ef6483
- SHA512
  
  f008972bc1957bb4624bd696095aea7e5f4041fbffe6d24bee7fde6eaa1156d7f948464b195735190a928297375ea4760f382988a4d851460e850389ceba1c1b
- SSDEEP
  
  3072:ucmp+C7JOGRbQR0aTZfHsz6mZT/6xEGkuGqS8KgfAeFTcVS7dtUSTSeD:hmD7J1JQRZfw1/6ny4Kgf5FTcVQXvGe
Score

10^/10

netwire botnet persistence rat stealer
- Modifies WinLogon for persistence
  persistence
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2024

Terms | Privacy