netwire | 33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126 | Triage

Submit
Reports

Overview

overview

Static

static

3

33dc068bbb...26.exe

windows7-x64

33dc068bbb...26.exe

windows10-2004-x64

Sharing

General

Target

33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126
Size

153KB
Sample

240310-y54dlsbc59
MD5

4d68b6296c3c2be8ff00957f424ac629
SHA1

93d6f5442823594f5409b6f379cf9825d71597da
SHA256

33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126
SHA512

5d098d92cb67f5af99bfaffed4f7d481b1ceb9c0a36e9e5c0305f332e3996ebcd450a0e08cb3874bdbdf906b0c4b0166110f96abf6853cbdff82d85f1597366e
SSDEEP

3072:6o6drfyifGppnIb/qjWteiTs215zeVJ9ikfzrvGsDA:6ljujnv2eideVJ97f/vGsD

Score

10^/10

netwire agilenet botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126.exe

Resource

win7-20240220-en

netwire agilenet botnet rat stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126.exe

Resource

win10v2004-20240226-en

netwire agilenet botnet rat stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

162.246.19.20:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126
- Size
  
  153KB
- MD5
  
  4d68b6296c3c2be8ff00957f424ac629
- SHA1
  
  93d6f5442823594f5409b6f379cf9825d71597da
- SHA256
  
  33dc068bbb208a5812f58cc18be54c7b6602c41a3fb33be365d0a200579d4126
- SHA512
  
  5d098d92cb67f5af99bfaffed4f7d481b1ceb9c0a36e9e5c0305f332e3996ebcd450a0e08cb3874bdbdf906b0c4b0166110f96abf6853cbdff82d85f1597366e
- SSDEEP
  
  3072:6o6drfyifGppnIb/qjWteiTs215zeVJ9ikfzrvGsDA:6ljujnv2eideVJ97f/vGsD
Score

10^/10

netwire agilenet botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with Agile.NET / CliSecure
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwireagilenetbotnetratstealer

behavioral2

netwireagilenetbotnetratstealer

© 2018-2025

Terms | Privacy