General

  • Target

    DOC-10347-1107-603xls.exe

  • Size

    2.3MB

  • Sample

    230215-pswzbsbg28

  • MD5

    85a0b4384567f255ce2c6aa31411f914

  • SHA1

    bfe922afebddb2416c59cee7cbfede2243f4da88

  • SHA256

    c57867c77934d584b00c6294a3b820fc669b686f9b78a784b1ff9e8379eb90b8

  • SHA512

    9fe9e36a1b40f1ef4cfb81d7eadd74ae762e492f36b60528385d15a914c5dd4b6172c495dd9fad10221be70b102ddbbf639b3ff2d609fe2df67e0365787c60a3

  • SSDEEP

    24576:ykWAgJgjQGYdlYj9Ebd1rfDsbQv3U98RfoKEd5:9jQGYPRosAd5

Malware Config

Extracted

Family

netwire

C2

19ap22.duckdns.org:3333

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    Jan9

  • lock_executable

    false

  • mutex

    xIxGEcbP

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      DOC-10347-1107-603xls.exe

    • Size

      2.3MB

    • MD5

      85a0b4384567f255ce2c6aa31411f914

    • SHA1

      bfe922afebddb2416c59cee7cbfede2243f4da88

    • SHA256

      c57867c77934d584b00c6294a3b820fc669b686f9b78a784b1ff9e8379eb90b8

    • SHA512

      9fe9e36a1b40f1ef4cfb81d7eadd74ae762e492f36b60528385d15a914c5dd4b6172c495dd9fad10221be70b102ddbbf639b3ff2d609fe2df67e0365787c60a3

    • SSDEEP

      24576:ykWAgJgjQGYdlYj9Ebd1rfDsbQv3U98RfoKEd5:9jQGYPRosAd5

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks