General

  • Target

    984071c0054069029075b43afe125cd12bc3f9f70e384ca023cf70ea76a326d7.zip

  • Size

    4.8MB

  • Sample

    230420-khf3xagf35

  • MD5

    c4a4b66d56c0febcde599bbd8acaf90b

  • SHA1

    bcd75d096348828096eb2ce1ce87285762f46d0f

  • SHA256

    8360f1e7b38051f681cd1b492a5562eef992a6c563b3e40cbd282f84c4f7381f

  • SHA512

    df9ea9c74376b6219c535b1e90785a7c9417777a86ae95638bc91e067f14c748126af4e92f04d84cf589985ef7aeeb5c447558355a392c9a789dfb3367fd5e08

  • SSDEEP

    98304:zlqA41iEIX0rQMEzR/2WZSBChV5ChLgkTpgtNEAluSEmnKuf:zL4Y9XqQNzcWAs20lpKuf

Malware Config

Extracted

Family

netwire

C2

s2awscloudupdates.com:8081

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    happy666

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      984071c0054069029075b43afe125cd12bc3f9f70e384ca023cf70ea76a326d7

    • Size

      9.1MB

    • MD5

      d037a430034a3d80c1ab9573c8c0b5a3

    • SHA1

      abfc45d543920e955b9016dbc2e461ff862a5c7f

    • SHA256

      984071c0054069029075b43afe125cd12bc3f9f70e384ca023cf70ea76a326d7

    • SHA512

      806a41f2ce4821e507ae615a5e501128a6854e3468369010f67a3f70a65bfef18c5c473f6347ecccf997d5d0b2ccce86018fcb2740296718ccda5ba6da0f230b

    • SSDEEP

      196608:y10ZfU3tLT+MeZQ1DTXP2NJEIYJ91TmKmt5p:ymZfU3AZQ1TXwEIYFTnmt

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
