netwire | 3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956 | Triage

Submit
Reports

Overview

overview

Static

static

5

OInstall.exe

windows10-1703-x64

Sharing

General

Target

OInstall.exe
Size

15.2MB
Sample

240116-q6xcpadef4
MD5

38be94769e4f59d9a90e551e505c2e07
SHA1

cac71ca2dd32cbe99614870ef01851e0d54bff84
SHA256

3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956
SHA512

47ef669a5be744235e10ba65d7deb8bdd46544cd6dc4532fa4b43fdc3b5d9b6b49febbef8906870b321281c47ca45f9b679e65eabfeffbf6deffc96fa27e24a5
SSDEEP

393216:J8/uxLqG0/kfQslis6SAVDfINRPcji3Zhtnh0:Bv0/kr8s6SA5QUji3ZhtnK

Score

10^/10

netwire botnet rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

OInstall.exe

Resource

win10-20231215-en

netwire botnet rat stealer

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

netwire

C2

qayshaija.ddns.net:1515

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  OInstall.exe
- Size
  
  15.2MB
- MD5
  
  38be94769e4f59d9a90e551e505c2e07
- SHA1
  
  cac71ca2dd32cbe99614870ef01851e0d54bff84
- SHA256
  
  3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956
- SHA512
  
  47ef669a5be744235e10ba65d7deb8bdd46544cd6dc4532fa4b43fdc3b5d9b6b49febbef8906870b321281c47ca45f9b679e65eabfeffbf6deffc96fa27e24a5
- SSDEEP
  
  393216:J8/uxLqG0/kfQslis6SAVDfINRPcji3Zhtnh0:Bv0/kr8s6SA5QUji3ZhtnK
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

© 2018-2025

Terms | Privacy