netwire | df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a | Triage

Submit
Reports

Overview

overview

Static

static

df16c889e1...3a.exe

windows7-x64

df16c889e1...3a.exe

windows10-2004-x64

Sharing

General

Target

df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
Size

532KB
Sample

230129-wqq4magd82
MD5

41460312beebf82c6ec41c66668fe8ca
SHA1

63824b88debe7f4109d0c51a788ed11dfa913b6c
SHA256

df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
SHA512

01181f26740ee6734e4aeba825ae3e1cef499d61dd8c48ab8a09fbfa257701e91e08cbe057dff3c44940abd105cc14a9d50ec4d85c12a6012b4c30a875586ba5
SSDEEP

6144:jas0n38fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhPXukmxJUEMz:25duAE+P9OJBQ3IPmd5t3W7K

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

204.152.219.82:9008

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
- Size
  
  532KB
- MD5
  
  41460312beebf82c6ec41c66668fe8ca
- SHA1
  
  63824b88debe7f4109d0c51a788ed11dfa913b6c
- SHA256
  
  df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
- SHA512
  
  01181f26740ee6734e4aeba825ae3e1cef499d61dd8c48ab8a09fbfa257701e91e08cbe057dff3c44940abd105cc14a9d50ec4d85c12a6012b4c30a875586ba5
- SSDEEP
  
  6144:jas0n38fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhPXukmxJUEMz:25duAE+P9OJBQ3IPmd5t3W7K
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy