netwire | fc0bba04948a745d390a4eec0f86b470e441e2f71250ec6321eb848b96a19961 | Triage

Submit
Reports

Overview

overview

Static

static

3

232f6a9626...68.exe

windows7-x64

232f6a9626...68.exe

windows10-2004-x64

1

Sharing

General

Target

232f6a9626c5797232c775ca53233b68
Size

297KB
Sample

231231-b45tqafhhp
MD5

232f6a9626c5797232c775ca53233b68
SHA1

b4e06faf3cc8c5478050cd52da7da3fc48d791d8
SHA256

fc0bba04948a745d390a4eec0f86b470e441e2f71250ec6321eb848b96a19961
SHA512

ea6c715b6e9402f787db10c80960805a3998d6a95325b3ab4f21884ad111970c93e7ed215ee19270d2f22d848e50ed865a58896249cbd3fe91e129e62a32557d
SSDEEP

6144:3bjy2rtepPpf7h263PnifmrPX+zNS9MP2KDdPTE7FVfPWl:3bWtf7Z3PnFWNEMP2YZ67

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

232f6a9626c5797232c775ca53233b68.exe

Resource

win7-20231215-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

232f6a9626c5797232c775ca53233b68.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

naval.duckdns.org:4997

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  232f6a9626c5797232c775ca53233b68
- Size
  
  297KB
- MD5
  
  232f6a9626c5797232c775ca53233b68
- SHA1
  
  b4e06faf3cc8c5478050cd52da7da3fc48d791d8
- SHA256
  
  fc0bba04948a745d390a4eec0f86b470e441e2f71250ec6321eb848b96a19961
- SHA512
  
  ea6c715b6e9402f787db10c80960805a3998d6a95325b3ab4f21884ad111970c93e7ed215ee19270d2f22d848e50ed865a58896249cbd3fe91e129e62a32557d
- SSDEEP
  
  6144:3bjy2rtepPpf7h263PnifmrPX+zNS9MP2KDdPTE7FVfPWl:3bWtf7Z3PnFWNEMP2YZ67
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2025

Terms | Privacy