netwire | 838dcb9b19c330b4ecba06dfb5d5aa465a9cb1f188c48d2b0bdba1825f9f5a03 | Triage

Submit
Reports

Overview

overview

Static

static

3647bace25...1c.exe

windows7-x64

3647bace25...1c.exe

windows10-2004-x64

Sharing

General

Target

838dcb9b19c330b4ecba06dfb5d5aa465a9cb1f188c48d2b0bdba1825f9f5a03
Size

51KB
Sample

240417-p724wsgc53
MD5

23681f6652a894f1ae518879a4d7c915
SHA1

e7a0c59496bfa6f51cc80c127d88cee4427edeb3
SHA256

838dcb9b19c330b4ecba06dfb5d5aa465a9cb1f188c48d2b0bdba1825f9f5a03
SHA512

4da96e3b1f895cb97e7753fb701b60cec469d2980e324fc74ba55196007a3f7af7e2a0051cc1a6148df72d6360302a2aa2191925fa92089bd225b6f24375cc85
SSDEEP

1536:ubDxZQcXHFjC2I6ec/LDk7Z7QtmKDc9e/P+MNJ6Qn1Vg:IDxZ7XIaLENKDcw/BNJ6QnM

Score

10^/10

netwire botnet rat stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c.exe

Resource

win10v2004-20240226-en

netwire botnet rat stealer

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

majika.gotdns.ch:1120

nik.pointto.us:1120

nikouh.pointto.us:1120

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
naza
keylogger_dir
%AppData%\Logs\
lock_executable
true
mutex
CVkJEjPx
offline_keylogger
true
password
vodka
registry_autorun
false
use_mutex
true

Targets

- Target
  
  3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c.exe
- Size
  
  132KB
- MD5
  
  58d02ed4bc010363facf162ac2976905
- SHA1
  
  0fdbd386a4cd8ac2edbd32a32a2fd5e8263bc38c
- SHA256
  
  3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c
- SHA512
  
  3287fee2405d95e03032339306253abb97d5c95b1da988f827192b4ca2c52615e271cf3f5ac58a3e3cb6a175b15d70300f86078f39145470391c0c9843daf673
- SSDEEP
  
  1536:dtTSUSKzF0Lh9a7WraTWFbmDHVXWRVAzZ8MfUSl7Q3rw75ggZG:dt5SKzF0Lh9a7IGW9GHeOFVvc3rKZG
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy