netwire | 6d7d8799da7b16c8422dc43558d3df61030443b8a5532947159d7f45a66023ba | Triage

Sharing

General

Target

jdks.exe
Size

3.3MB
Sample

230209-mf6xnaga9t
MD5

1ab9fdceab1dc5b1e1f13c24a98fdb93
SHA1

890fa430810fecdb9d782959ca3d59be2bed25f6
SHA256

6d7d8799da7b16c8422dc43558d3df61030443b8a5532947159d7f45a66023ba
SHA512

ee885aba3a94e39e0d3494a58f82bd89d080777d41abd21c97b8d19cdb29133e7c2302b5981211a26406519d8ed370ba80f2613100db7cf9c2bd1f1037857565
SSDEEP

49152:lFAZOskMJnefYZ3AXGIrShvBTA1CkYp3NJ9:6ONuUI8GbvBTA1ypr

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

asorock0011.ddns.net:5389

wcbradley.duckdns.org:5389

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
LAST CRYPT 0918
install_path
%AppData%\Install\jdks.exe
keylogger_dir
%AppData%\Logs\
lock_executable
true
mutex
FWbuMAeG
offline_keylogger
true
password
teamoluwa1
registry_autorun
true
startup_name
oskd
use_mutex
true

Targets

- Target
  
  jdks.exe
- Size
  
  3.3MB
- MD5
  
  1ab9fdceab1dc5b1e1f13c24a98fdb93
- SHA1
  
  890fa430810fecdb9d782959ca3d59be2bed25f6
- SHA256
  
  6d7d8799da7b16c8422dc43558d3df61030443b8a5532947159d7f45a66023ba
- SHA512
  
  ee885aba3a94e39e0d3494a58f82bd89d080777d41abd21c97b8d19cdb29133e7c2302b5981211a26406519d8ed370ba80f2613100db7cf9c2bd1f1037857565
- SSDEEP
  
  49152:lFAZOskMJnefYZ3AXGIrShvBTA1CkYp3NJ9:6ONuUI8GbvBTA1ypr
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer