Overview

overview

10

Static

static

10

3647BACE25...F9.exe

windows7-x64

10

3647BACE25...F9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-04-2023 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3647BACE25F94430A534ABA8ABA08A731571AB2AB22F9.exe

  • Size

    132KB

  • MD5

    58d02ed4bc010363facf162ac2976905

  • SHA1

    0fdbd386a4cd8ac2edbd32a32a2fd5e8263bc38c

  • SHA256

    3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c

  • SHA512

    3287fee2405d95e03032339306253abb97d5c95b1da988f827192b4ca2c52615e271cf3f5ac58a3e3cb6a175b15d70300f86078f39145470391c0c9843daf673

  • SSDEEP

    1536:dtTSUSKzF0Lh9a7WraTWFbmDHVXWRVAzZ8MfUSl7Q3rw75ggZG:dt5SKzF0Lh9a7IGW9GHeOFVvc3rKZG

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

majika.gotdns.ch:1120

nik.pointto.us:1120

nikouh.pointto.us:1120
Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    naza

  • keylogger_dir

    C:\Users\Admin\AppData\Roaming\Logs\

  • lock_executable

    true

  • mutex

    CVkJEjPx

  • offline_keylogger

    true

  • password

    vodka

  • registry_autorun

    false

  • use_mutex

    true

Signatures

  • NetWire RAT payload 4 IoCs
    rat
  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

Processes

  • C:\Users\Admin\AppData\Local\Temp\3647BACE25F94430A534ABA8ABA08A731571AB2AB22F9.exe
    "C:\Users\Admin\AppData\Local\Temp\3647BACE25F94430A534ABA8ABA08A731571AB2AB22F9.exe"
    1⤵
      PID:1308

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1308-54-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/1308-56-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/1308-64-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/1308-66-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download