netwire | 47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497 | Triage

Submit
Reports

Overview

overview

Static

static

5

47e414e7c2...97.exe

windows7-x64

5

47e414e7c2...97.exe

windows10-2004-x64

Sharing

General

Target

47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497
Size

1.0MB
Sample

240229-lqytcsde46
MD5

c0c694f4c32ba8c3958923030644c7fc
SHA1

5c8e2dd12e494d12aa9128787cd893a0cd68223b
SHA256

47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497
SHA512

af7e2d0fe8a23896967e88ea669608c52589c17159042d05e426e1ed63e8f0440926120cda0bde796ce6aa0d09948c94862352ebe252a9b4f66529c004c40588
SSDEEP

24576:r4lavt0LkLL9IMixoEFNYQLDTqkM70PqCEVq9MmCS:+kwkn9IMSNYQOZQloaPCS

Score

10^/10

netwire botnet rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497.exe

Resource

win10v2004-20240226-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

godisgood247.duckdns.org:5493

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497
- Size
  
  1.0MB
- MD5
  
  c0c694f4c32ba8c3958923030644c7fc
- SHA1
  
  5c8e2dd12e494d12aa9128787cd893a0cd68223b
- SHA256
  
  47e414e7c20d290c1fbb8dbfd92d2a95f2835fba4f0fe24e44f9694e0f241497
- SHA512
  
  af7e2d0fe8a23896967e88ea669608c52589c17159042d05e426e1ed63e8f0440926120cda0bde796ce6aa0d09948c94862352ebe252a9b4f66529c004c40588
- SSDEEP
  
  24576:r4lavt0LkLL9IMixoEFNYQLDTqkM70PqCEVq9MmCS:+kwkn9IMSNYQOZQloaPCS
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy