netwire | d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
Size

8KB
Sample

230123-xhl1daeg57
MD5

46185d648b66380eb3fa3cdea9146d77
SHA1

1f253b466688771c9f8d2f67b52fa9e39bfc9329
SHA256

d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
SHA512

656d9ad3a1aef82b6645318f5e7312379349347c143686e407c2191035acfafed1adfd970eb7f6907032ed95e70b206b1d6da42424e648665d7b03f5edf2d42b
SSDEEP

96:/T978DaGTTNuPONQsAYAlcQf1cEXwr0iG0+k/xS7Zr74bFnU:xHGNuaspcEXz0j/klrN

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6.exe

Resource

win10v2004-20221111-en

netwire botnet rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

212.193.30.230:3363

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password@2
registry_autorun
false
use_mutex
false

Targets

- Target
  
  d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
- Size
  
  8KB
- MD5
  
  46185d648b66380eb3fa3cdea9146d77
- SHA1
  
  1f253b466688771c9f8d2f67b52fa9e39bfc9329
- SHA256
  
  d1c250fd723d26b790ca019cad1cb159a6e95c0add5e57094e33252b53f04da6
- SHA512
  
  656d9ad3a1aef82b6645318f5e7312379349347c143686e407c2191035acfafed1adfd970eb7f6907032ed95e70b206b1d6da42424e648665d7b03f5edf2d42b
- SSDEEP
  
  96:/T978DaGTTNuPONQsAYAlcQf1cEXwr0iG0+k/xS7Zr74bFnU:xHGNuaspcEXz0j/klrN
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

© 2018-2024

Terms | Privacy