netwire | c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

4ccfc18c2e...18.exe

windows7-x64

4ccfc18c2e...18.exe

windows10-2004-x64

3

Sharing

General

Target

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118
Size

524KB
Sample

240516-ys8skaea9w
MD5

4ccfc18c2eebb7b3ba9cd7b53e540d3b
SHA1

ae6b1d06bb5d91c8a390218ff6b5eb6a23c8b61d
SHA256

c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8
SHA512

90f3623b6f42d9ca1d8d4159d08cb7e7a5fae9c0e6301c8fa5975dc86521e2cdf2db9457ce6bddfd8bf97df3c66b72835bde558890232ea94b4e043fd431de87
SSDEEP

12288:81sPLy/3dkSLshG+u5SoQNSPcQ+Dcy3SS:OKdukoQNmMS

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

gracebillionaire.freemyip.com:39360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
cMDqgRYn
offline_keylogger
true
password
Sucess1000$
registry_autorun
false
use_mutex
true

Targets

- Target
  
  4ccfc18c2eebb7b3ba9cd7b53e540d3b_JaffaCakes118
- Size
  
  524KB
- MD5
  
  4ccfc18c2eebb7b3ba9cd7b53e540d3b
- SHA1
  
  ae6b1d06bb5d91c8a390218ff6b5eb6a23c8b61d
- SHA256
  
  c22bddc105d939931a107ec48ff42203b6fda9b42bfb9665a2c09142f2e124d8
- SHA512
  
  90f3623b6f42d9ca1d8d4159d08cb7e7a5fae9c0e6301c8fa5975dc86521e2cdf2db9457ce6bddfd8bf97df3c66b72835bde558890232ea94b4e043fd431de87
- SSDEEP
  
  12288:81sPLy/3dkSLshG+u5SoQNSPcQ+Dcy3SS:OKdukoQNmMS
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.