netwire | f4847c104fe539b564332b0a7a3ab3d83c046335a9ef7ce700d921b67834c249 | Triage

Submit
Reports

Overview

overview

Static

static

3

dce630587d...99.exe

windows7-x64

dce630587d...99.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

dce630587d764f269da604a1f3637b99
Size

305KB
Sample

231222-s37qcsacej
MD5

dce630587d764f269da604a1f3637b99
SHA1

f8055d5c3f54a76db454be3c47e7c6452e7e05d0
SHA256

f4847c104fe539b564332b0a7a3ab3d83c046335a9ef7ce700d921b67834c249
SHA512

d3e8a357cc33694419813c3dfd29d5d30dfa2cbf96c6f3935808d1a29db07d7ef2412d605011ce708b4271d6e59e4929f654701c07e1c1597208102404811313
SSDEEP

6144:LHPhCICIBLCTodEEOYchRR5TCwMQLva+StyYKU/WuH:FGfxnvCwTD5U/Wu

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dce630587d764f269da604a1f3637b99.exe

Resource

win7-20231215-en

netwire botnet rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dce630587d764f269da604a1f3637b99.exe

Resource

win10v2004-20231215-en

netwire botnet rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

bright1.awsmppl.com:4770

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  dce630587d764f269da604a1f3637b99
- Size
  
  305KB
- MD5
  
  dce630587d764f269da604a1f3637b99
- SHA1
  
  f8055d5c3f54a76db454be3c47e7c6452e7e05d0
- SHA256
  
  f4847c104fe539b564332b0a7a3ab3d83c046335a9ef7ce700d921b67834c249
- SHA512
  
  d3e8a357cc33694419813c3dfd29d5d30dfa2cbf96c6f3935808d1a29db07d7ef2412d605011ce708b4271d6e59e4929f654701c07e1c1597208102404811313
- SSDEEP
  
  6144:LHPhCICIBLCTodEEOYchRR5TCwMQLva+StyYKU/WuH:FGfxnvCwTD5U/Wu
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy