netwire | cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310 | Triage

Submit
Reports

Overview

overview

Static

static

cd73f6562e...10.exe

windows7-x64

cd73f6562e...10.exe

windows10-2004-x64

Sharing

General

Target

cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
Size

284KB
Sample

230129-wrrrjsge32
MD5

8ac5bd7b6012be46799fd8ab25fb6390
SHA1

7f5542064ba7fe1fa2e44d259f576b2054915f47
SHA256

cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
SHA512

8612c8515324f7a93ce94515690a46067a8754fa2a874074181ee68c33e025449cd5867be620710e53ae1a0bf47fc70cbe4f9e80c5880c21a86c7a70c2a52ff1
SSDEEP

6144:pNNaI9Q51BCwYdKxpqNELJXYM+Ab6Rye2k6YDq5cPNEjoeF:pNNlefCwpqNERYM3PM3qAEjoG

Score

10^/10

netwire botnet rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310.exe

Resource

win7-20220812-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310.exe

Resource

win10v2004-20220812-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

melvintravel.ddns.net:39760

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
EngineWEALTH
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
lock_executable
false
mutex
qJfDOWue
offline_keylogger
true
password
Onelove
registry_autorun
false
use_mutex
true

Targets

- Target
  
  cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
- Size
  
  284KB
- MD5
  
  8ac5bd7b6012be46799fd8ab25fb6390
- SHA1
  
  7f5542064ba7fe1fa2e44d259f576b2054915f47
- SHA256
  
  cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
- SHA512
  
  8612c8515324f7a93ce94515690a46067a8754fa2a874074181ee68c33e025449cd5867be620710e53ae1a0bf47fc70cbe4f9e80c5880c21a86c7a70c2a52ff1
- SSDEEP
  
  6144:pNNaI9Q51BCwYdKxpqNELJXYM+Ab6Rye2k6YDq5cPNEjoeF:pNNlefCwpqNERYM3PM3qAEjoG
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy