netwire | 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06 | Triage

Submit
Reports

Overview

overview

Static

static

5

1A2C28A768...A3.exe

windows7-x64

1A2C28A768...A3.exe

windows10-2004-x64

Sharing

General

Target

1A2C28A7682C26DDB97885FC056DC72B2C2DF437C5FA3.exe
Size

1.1MB
Sample

230502-16kzrscg76
MD5

9c6d1aca02db373a52401485c376d87e
SHA1

9cc4435729a11d7c524d761b67de508b4474b206
SHA256

1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06
SHA512

9f4aaadf939a97e2354f18ef1943594edf2c6eb04852e4fecc68ff1eeee9146ff1ec1ac26191f8c9435e39b765da23f14aa835313de670d3235e6b4eb890955d
SSDEEP

24576:iCdxte/80jYLT3U1jfsWa/69ryeoEuGfYsoRzDQ:zw80cTsjkWa/FR4

Score

10^/10

netwire botnet rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1A2C28A7682C26DDB97885FC056DC72B2C2DF437C5FA3.exe

Resource

win7-20230220-en

netwire botnet rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1A2C28A7682C26DDB97885FC056DC72B2C2DF437C5FA3.exe

Resource

win10v2004-20230220-en

netwire botnet rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

halwachi50.mymediapc.net:5868

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
true
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  1A2C28A7682C26DDB97885FC056DC72B2C2DF437C5FA3.exe
- Size
  
  1.1MB
- MD5
  
  9c6d1aca02db373a52401485c376d87e
- SHA1
  
  9cc4435729a11d7c524d761b67de508b4474b206
- SHA256
  
  1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06
- SHA512
  
  9f4aaadf939a97e2354f18ef1943594edf2c6eb04852e4fecc68ff1eeee9146ff1ec1ac26191f8c9435e39b765da23f14aa835313de670d3235e6b4eb890955d
- SSDEEP
  
  24576:iCdxte/80jYLT3U1jfsWa/69ryeoEuGfYsoRzDQ:zw80cTsjkWa/FR4
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy