netwire | 1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b | Triage

Sharing

General

Target

1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b
Size

2.9MB
Sample

231125-lvsg5sae81
MD5

2b5eca0c8dcfd123b1790a137feb4146
SHA1

57ba47e17ab6de85a6cefa26b3b80a0efa72d4e5
SHA256

1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b
SHA512

94058f6b34f3820130571aec3f82fc89a3ba4198b65fe80e705f82ee7187ac2027ffe054ddabf945c7fff4db36224c74c95e1756ed755de7ea13dfb142c40a94
SSDEEP

49152:Qmd9Cf3Vvwxrb/T2vO90d7HjmAFd4A64nsfJdVfZgXKRQHfDTJz1jStov0hlZ0Az:+3qH8qo8V0A

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

127.0.0.1:3360

needforrat.hopto.org:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
TestLink.lnk
lock_executable
false
mutex
JjkhHVmd
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b
- Size
  
  2.9MB
- MD5
  
  2b5eca0c8dcfd123b1790a137feb4146
- SHA1
  
  57ba47e17ab6de85a6cefa26b3b80a0efa72d4e5
- SHA256
  
  1f64ef3c5f7690033cf54608c3f4ba61a99c1494a2a2d5aa06f8b6634d8e305b
- SHA512
  
  94058f6b34f3820130571aec3f82fc89a3ba4198b65fe80e705f82ee7187ac2027ffe054ddabf945c7fff4db36224c74c95e1756ed755de7ea13dfb142c40a94
- SSDEEP
  
  49152:Qmd9Cf3Vvwxrb/T2vO90d7HjmAFd4A64nsfJdVfZgXKRQHfDTJz1jStov0hlZ0Az:+3qH8qo8V0A
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer