netwire

Sharing

Copy URL

Twitter E-mail

General

Target

PolarisTrial.zip
Size

5.6MB
Sample

230121-mxvwqabh24
MD5

869ca79e4e3c2dac90d9b7237ae57bf2
SHA1

bf72ef8b379362128773c2f80d86a7d76e234389
SHA256

8ad3cd692a9eca18fc36cec9091f40a3f85c3a1b6d21ff63ed912971a854e075
SHA512

a6cf9263b6bc48e29e65bdd3818ecadb533e0133a882d0c56289093724759a67defc128f7af45fc32575489403f998d1aae0607423e5328d04c7bd256383a7e3
SSDEEP

98304:G4T+55HMgngDuJfcH4xti+eGVxrglD860wiOxTs1JtJeZCS0yxH7WD8an0vqL:Pq5pMgng40Y7iVGVxmcD1DJeZCS0cWNv

Score

10^/10

Malware Config

Targets

- Target
  
  PolarisTrial/DotNetZip.dll
- Size
  
  461KB
- MD5
  
  a999d7f3807564cc816c16f862a60bbe
- SHA1
  
  1ee724daaf70c6b0083bf589674b6f6d8427544f
- SHA256
  
  8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3
- SHA512
  
  6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414
- SSDEEP
  
  6144:DuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/W:3QL32ikCaUS4csRBse6sfW
Score

1^/10
behavioral1
- Target
  
  PolarisTrial/Guna.UI2.dll
- Size
  
  2.0MB
- MD5
  
  bdcc86fe49a37adf6a2f998de18b4487
- SHA1
  
  53fa4122ee5f2d63239e70b60c33f329fe442901
- SHA256
  
  46eb6373653147054e2e5039093a1783a188bd5483710a25f122b431ef5d4715
- SHA512
  
  31481f24259a503c2539738086a9cf185e9b9b64b1a205b0834384a3ddb67cbf2e1bec57aac618310681a9cc3f7e11df1042961df368ed7004c4cce8c42af069
- SSDEEP
  
  24576:59QRTBAFp9V3KTA7Ofd5g6cC/AZz+o2+OiMTiZz0CaHG5kyvJZUEY3JNSWuUbsul:5eR+OTA/2fTiZz0HHGGEY5QXCs/le
Score

1^/10
behavioral2
- Target
  
  PolarisTrial/ILMerge.exe
- Size
  
  668KB
- MD5
  
  2bb6322885e6ca0986206de174e842c9
- SHA1
  
  c5ea70169106d32bc513d28ea76ae8ea1e49380b
- SHA256
  
  8110d740b485bcb06ff406b17001714c3a146fe6517098c9dc90d812b83389fd
- SHA512
  
  9750180c54a5bd8f0e1fa8a8f529364430f2ef444efbf8ac51e8d2a0aaa4e3d21fe553865ba8567c7c19e4ae84d04b20464f391743e88c52c00cac0bf20fc2a7
- SSDEEP
  
  12288:8E8Q+HlWx+TV7109nrRoTQhfL40+FQT7gWoi:hn+HQp9UQ2dFNi
Score

1^/10
behavioral3
- Target
  
  PolarisTrial/Microsoft.Win32.TaskScheduler.dll
- Size
  
  326KB
- MD5
  
  a844ac745a4005fbd3f51d79ff88583c
- SHA1
  
  92671774fd4be9781a77d2788a8dddbf8981ead5
- SHA256
  
  74fe1a6a1e36be7d893e31bbb4d4bd83bf4b927e715276cd5607982139818ebd
- SHA512
  
  5f0734058d9146ffeb552abf443df5097cf134a4737bed499467830e08d97f5d1996c1f1647c5c12289ca4d4209effd480010afebc59d50290d4ca7d45bb41f8
- SSDEEP
  
  3072:o1sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5Dfm:o1sSmRIt/xhtsOju1DH5NXnIKAc
Score

1^/10
behavioral4
- Target
  
  PolarisTrial/PolarisTrial.exe
- Size
  
  5.5MB
- MD5
  
  36e404e81aa3f4682eedf6536507d91b
- SHA1
  
  116a1aaa2e4a06cb97395225ccabe6b0d66e4be6
- SHA256
  
  2cc249a2be6c8f60714f21e8d0b4d4dc6cbda4cde7acfbfbfc1fca9e93778d84
- SHA512
  
  85cadf3b80c69e4e1b8b81b1c9ea45722c7aa14d2ece3950b762c2cc350805c8f2bd80ba9ab71d2f7c58046cb6f0d0be3f1dae77962c14125cc8a5feef439746
- SSDEEP
  
  98304:eDVp+Z/vQvvPn/pPBwYOb79BD+17rpEd6R3ubV3SDfJtLzlkCAdsOuwrGfhaFEti:eDVp+Z/vQvvPn/puZBD+17rpEd6R3ubL
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral5
- Target
  
  PolarisTrial/Tools/Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  26KB
- MD5
  
  970b6e6478ae3ab699f277d77de0cd19
- SHA1
  
  5475cb28998d419b4714343ffa9511ff46322ac2
- SHA256
  
  5dc372a10f345b1f00ec6a8fa1a2ce569f7e5d63e4f1f8631be367e46bfa34f4
- SHA512
  
  f3ad2088c5d3fcb770c6d8212650eed95507e107a34f9468ca9db99defd8838443a95e0b59a5a6cb65a18ebbc529110c5348513a321b44223f537096c6d7d6e0
- SSDEEP
  
  768:DulwnBhYlTVv2wK5idcgF4of1n6K9zUYJ:ywHYFtKYdcg/f1nXzUYJ
Score

1^/10
behavioral6
- Target
  
  PolarisTrial/Tools/Microsoft.Win32.TaskScheduler.dll
- Size
  
  167KB
- MD5
  
  c6b3538f7bf8c8a7ce900edf5994df5b
- SHA1
  
  1c89d3a09d86ab5f67ea9877534451cf778132ac
- SHA256
  
  b185b29b50062038c531c4301129bd06e0d51027e7512c3ecb41569413cea893
- SHA512
  
  ebfcb2d810afb3f267662700d3e54d40a83aa10b2a7b1c38af4cf909a7457bf1eb768085eba69e7af679f20a9d02cd73118f52a113bd2cdde05987b0a9e4a085
- SSDEEP
  
  3072:fo4cTDxLDwpnNnNSeBfAEHBAnpK37nXxOalx+o2bHQe0UBagDeo7QA74tyohsaQs:fjwBDwpnRNSe9+Qx/nfU8FoisaF
Score

1^/10
behavioral7
- Target
  
  PolarisTrial/Tools/Newtonsoft.Json.dll
- Size
  
  562KB
- MD5
  
  486015a44a273c6c554a27b3d498365c
- SHA1
  
  cb08f5d7240dfcdcd77de754259b36c0d9a2a034
- SHA256
  
  6a168461c721fd14163751f7839fb8d67483cb5831f1b2b1ab3e96a68b82d384
- SHA512
  
  1578ed43e815017c269d2a37bb9cdc16d51209bfa6bdb7276ad67cbb39955708826973ac7f48c795e6a1361e7d2a14b14b6cea02ee9ecf396a4b02313aada1d6
- SSDEEP
  
  6144:IJj8fixN6WWWgIkPgXCv8YiMvrrN91nU1cysJZx28rs80nnlrautBu+cfImj4yu3:IJjHxN65WCPPvWqFOV6ZxFrvKbByjdu3
Score

1^/10
behavioral8
- Target
  
  PolarisTrial/Tools/System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral9
- Target
  
  PolarisTrial/Tools/System.Diagnostics.DiagnosticSource.dll
- Size
  
  62KB
- MD5
  
  3567d2a4ce7fdf8356de4d10f9c13351
- SHA1
  
  9c932e41cfacf87af0621bba280489f977c14125
- SHA256
  
  f71b33937ed89cdee014dac4960b064e49566dc64676a2e6a7a6f0c00126f950
- SHA512
  
  f10a0b1701dc0ee8b4867d718e33625b47fdb56da9e6f0e69c6db620ee1a9cdc9dfa8f36b3df45addc01e54e3e112b38d191344c8afff01aa8a12fdba53abf86
- SSDEEP
  
  768:t3t4VwYKqIQxbMtsmqx9TW4Uw7Zyo7f8nprv062SY2bLNvu2pPphE2MKNIZUlqqV:tSMqdM9oBUgyoQnpDlWCL7cjvHYj
Score

1^/10
behavioral10
- Target
  
  PolarisTrial/Tools/System.Memory.Data.dll
- Size
  
  21KB
- MD5
  
  bc1215a36bcb4bb151194af2fd6bd8eb
- SHA1
  
  b3ee776373e226c8cf3201157e5df9f966266b15
- SHA256
  
  c96801b5f4b0a69186b780fc325bc26c4437f72611eb2d5a14083e776c343ded
- SHA512
  
  2ef80f0a62d17395463d904205b2c91230f31ce1856b8d66fcbfce3804bf80a01488402d62233b8f6df687752ceefe7353a0a07c6cccfdc4862c53ece70ddccf
- SSDEEP
  
  384:H1MMFqX6nTLoyip4XVKUdhOZEgAvhwWSqBgD/HRN7WTyiloLxODZ:H26nTEJyFzhOZWvxSDv5w
Score

1^/10
behavioral11
- Target
  
  PolarisTrial/Tools/System.Memory.dll
- Size
  
  138KB
- MD5
  
  f09441a1ee47fb3e6571a3a448e05baf
- SHA1
  
  3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
- SHA256
  
  bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
- SHA512
  
  0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6
- SSDEEP
  
  3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
Score

1^/10
behavioral12
- Target
  
  PolarisTrial/Tools/System.Numerics.Vectors.dll
- Size
  
  113KB
- MD5
  
  aaa2cbf14e06e9d3586d8a4ed455db33
- SHA1
  
  3d216458740ad5cb05bc5f7c3491cde44a1e5df0
- SHA256
  
  1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
- SHA512
  
  0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
- SSDEEP
  
  1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
Score

1^/10
behavioral13
- Target
  
  PolarisTrial/Tools/System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  17KB
- MD5
  
  c610e828b54001574d86dd2ed730e392
- SHA1
  
  180a7baafbc820a838bbaca434032d9d33cceebe
- SHA256
  
  37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
- SHA512
  
  441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396
- SSDEEP
  
  384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
Score

1^/10
behavioral14
- Target
  
  PolarisTrial/Tools/System.Text.Encodings.Web.dll
- Size
  
  77KB
- MD5
  
  c77ae3414d78c1f082c65415fae69661
- SHA1
  
  3b35461d86a774535ac226ca9706fb50332de20a
- SHA256
  
  c792bfe3f43c894e20339252d159a96a20ccc6e13322b2d382570ff97939e501
- SHA512
  
  08941ba8be5031cc4e363a916525437c62b409576c91c10fc72795faa10bc989f0d1797b576802e208dfe4305a4447c0299e2755ba92f97f531de1f56fd5865a
- SSDEEP
  
  1536:4OO7OOOc2yIDmBkKQh3rt7jUGyRG/mz4CRLf8ocVW4t72bfQZHzp:fyMmXQh3rNjUFG/mk8f8owW4s0ZHF
Score

1^/10
behavioral15
- Target
  
  PolarisTrial/Tools/System.Text.Json.dll
- Size
  
  569KB
- MD5
  
  170172abd66b9d41ed8117674e112709
- SHA1
  
  ea762c545a047c39e488d7e66ffce4fdbd633be4
- SHA256
  
  090a9e3b9591c05bd1df36992fdd8d4eabd4fc2a6f2d08490ca0d410aff52e5a
- SHA512
  
  28e78154048f711e536a5c10660c86806ee4156fbb964f6a0211dd1f6a5bf52d447b8d32f51f5ca5e31ff0044ecce4148e46ef5b173940458033badbbbfb5c30
- SSDEEP
  
  6144:49agharY8c1nmMKeEh/O5zZA9khoWNFlTJFovoIOZzoON4skOaQgeyv9HIocCpXL:49WrY8m/A1WNFltnIOZoQges9HvPV
Score

1^/10
behavioral16
- Target
  
  PolarisTrial/Tools/System.Threading.Channels.dll
- Size
  
  52KB
- MD5
  
  59436c9e3edf074acfb2c32c58d0c28c
- SHA1
  
  8ecbb9d024c6b54f1d13efe4c4afff3286992cae
- SHA256
  
  4aaf175d1823a14899931c6257b7d0c1479f18fd3c1a5d30551786f900d41c5c
- SHA512
  
  a4e846fae51ac3daf89dca2b122b4f761a5a2ff0ed5a6e619d465115eb8328811c1baab41a0a1f10ed177acaa56efa2bdd2f91e93b244aa5fdb09fe4e90f5de9
- SSDEEP
  
  768:2k2Kl0dluLNefijrSS658GHmF7x2D9KVrOo/c/ckn6uo0elRmuU9zRC:h2Ke6/SSSHOG9KcoAckzo0od8z0
Score

1^/10
behavioral17
- Target
  
  PolarisTrial/Tools/System.Threading.Tasks.Extensions.dll
- Size
  
  25KB
- MD5
  
  e1e9d7d46e5cd9525c5927dc98d9ecc7
- SHA1
  
  2242627282f9e07e37b274ea36fac2d3cd9c9110
- SHA256
  
  4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
- SHA512
  
  da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
- SSDEEP
  
  384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
Score

1^/10
behavioral18
- Target
  
  PolarisTrial/Tools/System.ValueTuple.dll
- Size
  
  24KB
- MD5
  
  23ee4302e85013a1eb4324c414d561d5
- SHA1
  
  d1664731719e85aad7a2273685d77feb0204ec98
- SHA256
  
  e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
- SHA512
  
  6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32
- SSDEEP
  
  384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
Score

1^/10
behavioral19
- Target
  
  PolarisTrial/Tools/yas.dll
- Size
  
  569KB
- MD5
  
  170172abd66b9d41ed8117674e112709
- SHA1
  
  ea762c545a047c39e488d7e66ffce4fdbd633be4
- SHA256
  
  090a9e3b9591c05bd1df36992fdd8d4eabd4fc2a6f2d08490ca0d410aff52e5a
- SHA512
  
  28e78154048f711e536a5c10660c86806ee4156fbb964f6a0211dd1f6a5bf52d447b8d32f51f5ca5e31ff0044ecce4148e46ef5b173940458033badbbbfb5c30
- SSDEEP
  
  6144:49agharY8c1nmMKeEh/O5zZA9khoWNFlTJFovoIOZzoON4skOaQgeyv9HIocCpXL:49WrY8m/A1WNFltnIOZoQges9HvPV
Score

1^/10
behavioral20

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

NetWire RAT payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20