Overview

overview

10

Static

static

3

84b14ea316...b3.exe

windows7-x64

10

84b14ea316...b3.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84b14ea31625a08d6e8573a9a0c9ebb3

  • Size

    824KB

  • Sample

    240131-r5stjsgcdn

  • MD5

    84b14ea31625a08d6e8573a9a0c9ebb3

  • SHA1

    ee0e1faeb7dced32e7a8460d996cdfe08dfc3cdd

  • SHA256

    a73a4e8cd40628ead3c5a597128a98797fe4c8fef809fb0e42c1fdc13924f4f3

  • SHA512

    01e9ec4e4c6b65fc723815b402bd914cdf7bec96b39e3ec5eeb9b58b261fe631887486a37fc88f0e776eb286ac0e98881eb6ed0c225aed90000ec2e6e2de2879

  • SSDEEP

    24576:mKB7hdynuOwvf3aDtOWT3WWedvss7mo5oFCEkv:hBWnu93+OWT3W7dkiosv

Score
10/10
netwirebotnetratstealer

Malware Config

Extracted

Family

netwire

C2

night90.ddns.net:8999

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    New-stub

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • mutex

    soHOGwSb

  • offline_keylogger

    true

  • password

    teamoluwa1

  • registry_autorun

    false

  • use_mutex

    true

Targets

    • Target

      84b14ea31625a08d6e8573a9a0c9ebb3

    • Size

      824KB

    • MD5

      84b14ea31625a08d6e8573a9a0c9ebb3

    • SHA1

      ee0e1faeb7dced32e7a8460d996cdfe08dfc3cdd

    • SHA256

      a73a4e8cd40628ead3c5a597128a98797fe4c8fef809fb0e42c1fdc13924f4f3

    • SHA512

      01e9ec4e4c6b65fc723815b402bd914cdf7bec96b39e3ec5eeb9b58b261fe631887486a37fc88f0e776eb286ac0e98881eb6ed0c225aed90000ec2e6e2de2879

    • SSDEEP

      24576:mKB7hdynuOwvf3aDtOWT3WWedvss7mo5oFCEkv:hBWnu93+OWT3W7dkiosv

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks