netwire | c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

4ccfc18c2e...18.exe

windows7-x64

4ccfc18c2e...18.exe

windows10-2004-x64

3

Sharing

General

Target

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118
Size

524KB
Sample

240516-ys8skaea9w
MD5

4ccfc18c2eebb7b3ba9cd7b53e540d3b
SHA1

ae6b1d06bb5d91c8a390218ff6b5eb6a23c8b61d
SHA256

c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8
SHA512

90f3623b6f42d9ca1d8d4159d08cb7e7a5fae9c0e6301c8fa5975dc86521e2cdf2db9457ce6bddfd8bf97df3c66b72835bde558890232ea94b4e043fd431de87
SSDEEP

12288:81sPLy/3dkSLshG+u5SoQNSPcQ+Dcy3SS:OKdukoQNmMS

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

gracebillionaire.freemyip.com:39360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
cMDqgRYn
offline_keylogger
true
password
Sucess1000$
registry_autorun
false
use_mutex
true

Targets

- Target
  
  4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118
- Size
  
  524KB
- MD5
  
  4ccfc18c2eebb7b3ba9cd7b53e540d3b
- SHA1
  
  ae6b1d06bb5d91c8a390218ff6b5eb6a23c8b61d
- SHA256
  
  c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8
- SHA512
  
  90f3623b6f42d9ca1d8d4159d08cb7e7a5fae9c0e6301c8fa5975dc86521e2cdf2db9457ce6bddfd8bf97df3c66b72835bde558890232ea94b4e043fd431de87
- SSDEEP
  
  12288:81sPLy/3dkSLshG+u5SoQNSPcQ+Dcy3SS:OKdukoQNmMS
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2025

Terms | Privacy