Overview

overview

10

Static

static

10

88ba7e0ba1...3f.exe

windows7-x64

10

88ba7e0ba1...3f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f9a0f87d345043fe299242869d0bd40.bin

  • Size

    83KB

  • Sample

    230215-bc6lyahc56

  • MD5

    30ba0e354e3f3b7e5cc27233a4ed7e77

  • SHA1

    a6c580be05b6145d04b9341ad69bf8de626be596

  • SHA256

    7639cc5e795fb086c679071f7ff7b28b50ebae5e6f25d241c73a557df5116376

  • SHA512

    04a7a03b2dd13cf8f1b1581b20dc720b37511372ae1790116297590b30bc3c29fc322852892ba5ba2a15d9014462239a42d88008305ffdac5a8c465ed0d3ac94

  • SSDEEP

    1536:P2YSRj4Q1/PkRBFjAO23pEKh4elwGaxJeaZz3l6ZOvHXTW9OV+0Qys8D3yv4W0b1:PnSi6/Pk79n23paPl6ZO76Ok0QcDCQWm

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

101.99.94.212:3365

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe

    • Size

      160KB

    • MD5

      0f9a0f87d345043fe299242869d0bd40

    • SHA1

      9daec976b7832eb7d07aeb63dba737a3aec0e159

    • SHA256

      88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f

    • SHA512

      fe767e65698df5d7c7a4e43b5740591be82020eb854acbc21ad880625e589ed5faaf1d9833bf2d2454e0711abc21f32196c4e78fb09905558dfd98757d574d8d

    • SSDEEP

      3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvuYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/uzQqqDvFf

    Score
    10/10
    netwirebotnetstealer

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks