netwire | 50c20a61869603cadc7b1d2a4c7a97f870a1a3ca760138a67ee58f445926fe24 | Triage

Submit
Reports

Overview

overview

Static

static

3

b722857a2e...24.exe

windows7-x64

b722857a2e...24.exe

windows10-2004-x64

Sharing

General

Target

b722857a2e6973e5a0b7a4a156a5c124
Size

2.9MB
Sample

240306-lx1xasgc9y
MD5

b722857a2e6973e5a0b7a4a156a5c124
SHA1

fe29fbb1cc39f88bc6e79ae590ab484e77d939f7
SHA256

50c20a61869603cadc7b1d2a4c7a97f870a1a3ca760138a67ee58f445926fe24
SHA512

ee5add3504db24555af10e02eed92491a058a924be48cced9aada05cd3ae284a14041fc3c33dc7cb83efd7725232e63c5819393eb1ac9878cccfcab12eb74126
SSDEEP

24576:MB/8Nnxg99IlM4dtxAuWRLRFRYPqSnOzAIPNo6H9lgLxd4Bn1sw4jKn3Zgf2YSNk:M4ni9p36O8JoXhojUpO2YS4/XVwR+

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b722857a2e6973e5a0b7a4a156a5c124.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b722857a2e6973e5a0b7a4a156a5c124.exe

Resource

win10v2004-20240226-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

vesta.giize.com:1604

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  b722857a2e6973e5a0b7a4a156a5c124
- Size
  
  2.9MB
- MD5
  
  b722857a2e6973e5a0b7a4a156a5c124
- SHA1
  
  fe29fbb1cc39f88bc6e79ae590ab484e77d939f7
- SHA256
  
  50c20a61869603cadc7b1d2a4c7a97f870a1a3ca760138a67ee58f445926fe24
- SHA512
  
  ee5add3504db24555af10e02eed92491a058a924be48cced9aada05cd3ae284a14041fc3c33dc7cb83efd7725232e63c5819393eb1ac9878cccfcab12eb74126
- SSDEEP
  
  24576:MB/8Nnxg99IlM4dtxAuWRLRFRYPqSnOzAIPNo6H9lgLxd4Bn1sw4jKn3Zgf2YSNk:M4ni9p36O8JoXhojUpO2YS4/XVwR+
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy