General

  • Target

    68127baac5cc72ffe0cd709fe766b29b

  • Size

    225KB

  • Sample

    240119-tp5vaaaba3

  • MD5

    68127baac5cc72ffe0cd709fe766b29b

  • SHA1

    9c687b6a50db829a86bce661215ba2f236f715c3

  • SHA256

    f4e0f4719e1913eb95dbceb89fd0fe40eb566a03382aa32f920fe1cfa44fde95

  • SHA512

    dacd8b815a6c4660ec57e458a52c6603f134e34acf84d15d4e2bb8402e32a8696dc3c9f0a8c2c6a53f442fef076d1b8749f9f4af29d70f04cf11d740d4eb9ac9

  • SSDEEP

    6144:akzo7MV7dhBSSf6Ho9pLjkdJipW7EcorkQy:akMYVB9CIX+eRr

Malware Config

Extracted

Family

netwire

C2

vegan.giize.com:1604

Attributes

  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      68127baac5cc72ffe0cd709fe766b29b

    • Size

      225KB

    • MD5

      68127baac5cc72ffe0cd709fe766b29b

    • SHA1

      9c687b6a50db829a86bce661215ba2f236f715c3

    • SHA256

      f4e0f4719e1913eb95dbceb89fd0fe40eb566a03382aa32f920fe1cfa44fde95

    • SHA512

      dacd8b815a6c4660ec57e458a52c6603f134e34acf84d15d4e2bb8402e32a8696dc3c9f0a8c2c6a53f442fef076d1b8749f9f4af29d70f04cf11d740d4eb9ac9

    • SSDEEP

      6144:akzo7MV7dhBSSf6Ho9pLjkdJipW7EcorkQy:akMYVB9CIX+eRr

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks