netwire | 6e318257ff61f8aeff03704c59af6d66f52b4ae7fe36ab8b715db00694cad13a | Triage

Submit
Reports

Overview

overview

Static

static

3

0332c0b39b...7d.exe

windows7-x64

0332c0b39b...7d.exe

windows10-2004-x64

3

Sharing

General

Target

0332c0b39be14a0fbfbb0689bdd2027d
Size

530KB
Sample

231224-slctnaedg6
MD5

0332c0b39be14a0fbfbb0689bdd2027d
SHA1

cc98db2d9f83f7a7685219808ae9ae5414110747
SHA256

6e318257ff61f8aeff03704c59af6d66f52b4ae7fe36ab8b715db00694cad13a
SHA512

fd06c301590a05cb26c0026ce2a3f560a345cc2e63f563fe6958db48513994550e5f25d54f312be3c108c96645cf7cc41448fc5b05ca7a57aa15cfc6768b0a55
SSDEEP

6144:3FX9qqKGPBcwqh3SBL2S/93+RosoV9cVGP0mnGF1Q5QDNWmuSYNKFpqrT5phv:3ivGPOEv3+RRe9cVXbqyDNtIrbd

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0332c0b39be14a0fbfbb0689bdd2027d.exe

Resource

win7-20231215-en

netwire botnet rat stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

0332c0b39be14a0fbfbb0689bdd2027d.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

warin.hopto.org:4320

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-OYYeak
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  0332c0b39be14a0fbfbb0689bdd2027d
- Size
  
  530KB
- MD5
  
  0332c0b39be14a0fbfbb0689bdd2027d
- SHA1
  
  cc98db2d9f83f7a7685219808ae9ae5414110747
- SHA256
  
  6e318257ff61f8aeff03704c59af6d66f52b4ae7fe36ab8b715db00694cad13a
- SHA512
  
  fd06c301590a05cb26c0026ce2a3f560a345cc2e63f563fe6958db48513994550e5f25d54f312be3c108c96645cf7cc41448fc5b05ca7a57aa15cfc6768b0a55
- SSDEEP
  
  6144:3FX9qqKGPBcwqh3SBL2S/93+RosoV9cVGP0mnGF1Q5QDNWmuSYNKFpqrT5phv:3ivGPOEv3+RRe9cVXbqyDNtIrbd
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2025

Terms | Privacy