netwire | 97c0e937689f7ccf2ff6e468c1df802df5f22a76c672f544555b01b7e6d7aa42 | Triage

Submit
Reports

Overview

overview

Static

static

3

d8d4a25dd4...9b.exe

windows7-x64

d8d4a25dd4...9b.exe

windows10-2004-x64

Sharing

General

Target

97c0e937689f7ccf2ff6e468c1df802df5f22a76c672f544555b01b7e6d7aa42
Size

219KB
Sample

240417-p7yfpshg4t
MD5

6e3ea093faefe0ce4c62d0de1f5a978f
SHA1

e33d4e095efc103b22426545f853b5e620bee345
SHA256

97c0e937689f7ccf2ff6e468c1df802df5f22a76c672f544555b01b7e6d7aa42
SHA512

d60d0fc4476ff0051b98b4eb110563da71e2cc300c1996700142d1a11e67fff8ffa4189ea9a541b2b1ab2c8ba3f913223a48bcefa1f352a28883868a4f54c007
SSDEEP

3072:XmIIIkJ5qebMZt//w42bOT4GFoMcLFgk6xsCegJKW+698U+LJrserIhdD86X/s3h:8JcebM7nwJbZsIf6ZeeH8jLJ4FrI6Pfe

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe

Resource

win10v2004-20240412-en

netwire botnet rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

forgiveme.workisboring.com:3360

Attributes

activex_autorun
true
activex_key
{TN38RH36-U670-03U7-57DE-24XMTWQBHGH1}
copy_executable
true
delete_original
false
host_id
bendal
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
true
startup_name
centosffjk
use_mutex
false

Targets

- Target
  
  d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe
- Size
  
  432KB
- MD5
  
  9b07a0fdaa64049e857b3982eeb3a575
- SHA1
  
  63d7d2eefd78ee4736243c8e32c305366603c579
- SHA256
  
  d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b
- SHA512
  
  49db3c66ee829534937ba0cc8f62f568cc04891b141e402d5c2c7961335efbd453f33bc57b218f9cf609b4a665df4b31810d4215d6e994c03934264b184c770a
- SSDEEP
  
  6144:SPn3xY3d6ND9D/S4mAC09X1Qd6pOzWqGLDUz7j42W3Llin:SLNoS1Y6pq1AUvjW3Un
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy