netwire | 1b6d07883242bc16fa0f2ecdbb7fd6abae89f244f66c1a32d9fd8b3f3c3d3661 | Triage

Submit
Reports

Overview

overview

Static

static

3

484014cfcb...18.exe

windows7-x64

484014cfcb...18.exe

windows10-2004-x64

Sharing

General

Target

484014cfcb70a39296ca04415f71a750_JaffaCakes118
Size

831KB
Sample

240515-1zwgxsed4x
MD5

484014cfcb70a39296ca04415f71a750
SHA1

f6437e2a1834dd687316821df0dca7c3e523f36b
SHA256

1b6d07883242bc16fa0f2ecdbb7fd6abae89f244f66c1a32d9fd8b3f3c3d3661
SHA512

0fa2e906065e2731e12c1880c2b321d3082f6157eefc2f138f4907389b8d9b789505a83d9a204152139b9283ea6328e8e83c254ec8379eb024649aee0c7d4302
SSDEEP

12288:OYk+mQo8BdbrQ0Fl92VT7twWQldCMoAODEcl3/8fuboF5Q:OY5mstrfb+7tBqsMwEclPegoF5

Score

10^/10

netwire botnet rat stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

484014cfcb70a39296ca04415f71a750_JaffaCakes118.exe

Resource

win7-20240221-en

netwire botnet rat stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

484014cfcb70a39296ca04415f71a750_JaffaCakes118.exe

Resource

win10v2004-20240508-en

netwire botnet rat stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.140.53.212:3380

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  484014cfcb70a39296ca04415f71a750_JaffaCakes118
- Size
  
  831KB
- MD5
  
  484014cfcb70a39296ca04415f71a750
- SHA1
  
  f6437e2a1834dd687316821df0dca7c3e523f36b
- SHA256
  
  1b6d07883242bc16fa0f2ecdbb7fd6abae89f244f66c1a32d9fd8b3f3c3d3661
- SHA512
  
  0fa2e906065e2731e12c1880c2b321d3082f6157eefc2f138f4907389b8d9b789505a83d9a204152139b9283ea6328e8e83c254ec8379eb024649aee0c7d4302
- SSDEEP
  
  12288:OYk+mQo8BdbrQ0Fl92VT7twWQldCMoAODEcl3/8fuboF5Q:OY5mstrfb+7tBqsMwEclPegoF5
Score

10^/10

netwire botnet rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealerupx

behavioral2

netwirebotnetratstealerupx

© 2018-2025

Terms | Privacy