netwire | 5226a12dc7f7b5e28732ad8b5ad6fa9a35eadfbeec122d798cd53c5ef73fe86a | Triage

Submit
Reports

Overview

overview

Static

static

3

dbd37b8c04...5f.exe

windows7-x64

dbd37b8c04...5f.exe

windows10-2004-x64

Sharing

General

Target

dbd37b8c044a27ec8008c6489231075f
Size

359KB
Sample

240321-rjy4faeh3z
MD5

dbd37b8c044a27ec8008c6489231075f
SHA1

cc5b97876fe9b09e2e0618a9f1a7c4dc1d78d129
SHA256

5226a12dc7f7b5e28732ad8b5ad6fa9a35eadfbeec122d798cd53c5ef73fe86a
SHA512

2ac7bc5b879ee7088e91120ef9b5b22d58b7be28f59960317524948e78417021cd13ba4701367e701e453cde84e64b29072643b6a183a203c506070a71d6d166
SSDEEP

6144:ZlfjLIs254Cz4FatkOAOqQxM3QLylFzk8x2dQ325Y/XDzQsFv:Z9jLIs25BrxM3+yHY84dQmGzz7F

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dbd37b8c044a27ec8008c6489231075f.exe

Resource

win7-20240221-en

netwire botnet persistence rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbd37b8c044a27ec8008c6489231075f.exe

Resource

win10v2004-20240226-en

netwire botnet persistence rat stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

66.154.103.106:13377

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
myphone
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  dbd37b8c044a27ec8008c6489231075f
- Size
  
  359KB
- MD5
  
  dbd37b8c044a27ec8008c6489231075f
- SHA1
  
  cc5b97876fe9b09e2e0618a9f1a7c4dc1d78d129
- SHA256
  
  5226a12dc7f7b5e28732ad8b5ad6fa9a35eadfbeec122d798cd53c5ef73fe86a
- SHA512
  
  2ac7bc5b879ee7088e91120ef9b5b22d58b7be28f59960317524948e78417021cd13ba4701367e701e453cde84e64b29072643b6a183a203c506070a71d6d166
- SSDEEP
  
  6144:ZlfjLIs254Cz4FatkOAOqQxM3QLylFzk8x2dQ325Y/XDzQsFv:Z9jLIs25BrxM3+yHY84dQmGzz7F
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2025

Terms | Privacy