netwire | a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d | Triage

Submit
Reports

Overview

overview

Static

static

3

a9189b815c...8d.exe

windows7-x64

a9189b815c...8d.exe

windows10-2004-x64

Sharing

General

Target

a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d
Size

869KB
Sample

240226-147qrahf52
MD5

996fd0a78c7ca69f0f5e2beecb9fb1c4
SHA1

0c7a6da13a2e59fd9d1932f7c365a367a957745d
SHA256

a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d
SHA512

e48e6cc71d9046c92fb092c843d38a107b951ba300941cf22f08c1bac4d553900312ef530a8110136349a39ccc3c99ddf036bde9de9951c42098d91b92f45621
SSDEEP

24576:QmRwOiAUVxhgnMtPRNT4eDc4Qv4n4DS0I2io2JYgR:QMfOxP7T4eo4K4n7AH4

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d.exe

Resource

win10v2004-20240226-en

netwire botnet rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

saturdaylivecheckthisout.duckdns.org:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
mutex
hPWLUfVE
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d
- Size
  
  869KB
- MD5
  
  996fd0a78c7ca69f0f5e2beecb9fb1c4
- SHA1
  
  0c7a6da13a2e59fd9d1932f7c365a367a957745d
- SHA256
  
  a9189b815c696214f9c7297e0ee9d6ecfff9bcf7e7064651dc3d64522d922b8d
- SHA512
  
  e48e6cc71d9046c92fb092c843d38a107b951ba300941cf22f08c1bac4d553900312ef530a8110136349a39ccc3c99ddf036bde9de9951c42098d91b92f45621
- SSDEEP
  
  24576:QmRwOiAUVxhgnMtPRNT4eDc4Qv4n4DS0I2io2JYgR:QMfOxP7T4eo4K4n7AH4
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy