netwire | 540ee9bedf4c8b8020060d1aa86b9538b4e30a4efa10c8d5a00357a8a1220df0 | Triage

Submit
Reports

Overview

overview

Static

static

3

c14f7a70a3...7a.exe

windows7-x64

c14f7a70a3...7a.exe

windows10-2004-x64

Sharing

General

Target

540ee9bedf4c8b8020060d1aa86b9538b4e30a4efa10c8d5a00357a8a1220df0
Size

131KB
Sample

240417-p63n2ahf71
MD5

fb2be7d58a31d52abe49f3d9a431921f
SHA1

e78af44ad573d25f2884cfc317d9635eab27d7bd
SHA256

540ee9bedf4c8b8020060d1aa86b9538b4e30a4efa10c8d5a00357a8a1220df0
SHA512

0c0ca4b1ca01c375fb5204127055a70ecfea750d20faadcd65334ea75c80db06cfa966aa44c7202f303621a1662dce2223f6f08fe24cec9eb6224ffe82b62240
SSDEEP

3072:05Ui2T9qBDp0aPM2hL0SJfEqnI1tS4FRmbrgtFZilJN:TKN0aE2hYBftKPgg3N

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c14f7a70a3083113154ae0242fd0e14b4c54056cfdb419ec46f3e0471bf0827a.exe

Resource

win7-20240220-en

netwire botnet persistence rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c14f7a70a3083113154ae0242fd0e14b4c54056cfdb419ec46f3e0471bf0827a.exe

Resource

win10v2004-20240412-en

netwire botnet persistence rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

winx.xcapdatap.capetown:7390

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
Jagz_$$$
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
P@55w0rd!
registry_autorun
false
use_mutex
false

Targets

- Target
  
  c14f7a70a3083113154ae0242fd0e14b4c54056cfdb419ec46f3e0471bf0827a.exe
- Size
  
  208KB
- MD5
  
  3b25677fa8107108e47bf97e9df675a6
- SHA1
  
  fb4c79542cf166a2f7b099b65c43db58b6a01e68
- SHA256
  
  c14f7a70a3083113154ae0242fd0e14b4c54056cfdb419ec46f3e0471bf0827a
- SHA512
  
  71010fcba0fc1973b642332b25eda77eeda517c819e203b683fe005c3f5c332a86a7bd5fa5150e34f300577ec8404eac7e66ef3c91542ae90bb4bfd857edc280
- SSDEEP
  
  3072:2H4l3KCxknsqA36giLi9YiE8qoX4Ot6QN05XRu+/glGMs4u8jQHVVy0b:2HCLqs12Li9YhqthN0RGFs+QH
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2025

Terms | Privacy