netwire | 436d1db0f9b341dc7f950c7d013f183f17e26c35832a2a048bb02ab95621693f | Triage

Submit
Reports

Overview

overview

Static

static

3

55f0ddfd4b...18.exe

windows7-x64

55f0ddfd4b...18.exe

windows10-2004-x64

Sharing

General

Target

55f0ddfd4b3332e653f4ad6c5eb64367_JaffaCakes118
Size

216KB
Sample

240518-v25kqafa26
MD5

55f0ddfd4b3332e653f4ad6c5eb64367
SHA1

de38b7d892416e635b36eb72171e305ddcf48ca0
SHA256

436d1db0f9b341dc7f950c7d013f183f17e26c35832a2a048bb02ab95621693f
SHA512

65ab63fa46e7da97d6dac059a7f759b191030dd774fac61aeee6e1f91bda0f98862ff795ba3c99b987ae061ad013478a0e12c27a89ca25904cda2b0b1dc15089
SSDEEP

6144:b8BZaWmtoip7jNcOFwf077vd6KVfSze5YqOYb:4BZ+qiljNbFwf8cMfSi5tj

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

55f0ddfd4b3332e653f4ad6c5eb64367_JaffaCakes118.exe

Resource

win7-20240220-en

netwire botnet rat stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

55f0ddfd4b3332e653f4ad6c5eb64367_JaffaCakes118.exe

Resource

win10v2004-20240508-en

netwire botnet rat stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

88.150.138.72:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  55f0ddfd4b3332e653f4ad6c5eb64367_JaffaCakes118
- Size
  
  216KB
- MD5
  
  55f0ddfd4b3332e653f4ad6c5eb64367
- SHA1
  
  de38b7d892416e635b36eb72171e305ddcf48ca0
- SHA256
  
  436d1db0f9b341dc7f950c7d013f183f17e26c35832a2a048bb02ab95621693f
- SHA512
  
  65ab63fa46e7da97d6dac059a7f759b191030dd774fac61aeee6e1f91bda0f98862ff795ba3c99b987ae061ad013478a0e12c27a89ca25904cda2b0b1dc15089
- SSDEEP
  
  6144:b8BZaWmtoip7jNcOFwf077vd6KVfSze5YqOYb:4BZ+qiljNbFwf8cMfSi5tj
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy