netwire | 10d14ef85a4adabafbdcdd7ba04cbbfd97fc4da62d24a4cbe6c20054eab1a1df | Triage

Submit
Reports

Overview

overview

Static

static

3

6f5104bde3...18.exe

windows7-x64

6f5104bde3...18.exe

windows10-2004-x64

Sharing

General

Target

6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118
Size

550KB
Sample

240524-v9s7nadf4y
MD5

6f5104bde3de1aa9fde0bb260b4b0791
SHA1

d821aea148173cc167aa96a89194e0b07ac1a791
SHA256

10d14ef85a4adabafbdcdd7ba04cbbfd97fc4da62d24a4cbe6c20054eab1a1df
SHA512

7bb4945fcc25a81c9d74601f840add7f95fa6d8404c5c3f55e4cab3fcb773328f045606e17dc9e4c13c54d9214b28bafc90f4a0de55fb7e8fbee1c3e7b8bd78a
SSDEEP

12288:qa6Jb0lIEuVptZQ12DuWFj6HDFCa2Pn/8c769k:qv4ItTdwHDYaan0K6W

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118.exe

Resource

win7-20240221-en

netwire botnet persistence rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118.exe

Resource

win10v2004-20240508-en

netwire botnet persistence rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

160.202.163.242:8704

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118
- Size
  
  550KB
- MD5
  
  6f5104bde3de1aa9fde0bb260b4b0791
- SHA1
  
  d821aea148173cc167aa96a89194e0b07ac1a791
- SHA256
  
  10d14ef85a4adabafbdcdd7ba04cbbfd97fc4da62d24a4cbe6c20054eab1a1df
- SHA512
  
  7bb4945fcc25a81c9d74601f840add7f95fa6d8404c5c3f55e4cab3fcb773328f045606e17dc9e4c13c54d9214b28bafc90f4a0de55fb7e8fbee1c3e7b8bd78a
- SSDEEP
  
  12288:qa6Jb0lIEuVptZQ12DuWFj6HDFCa2Pn/8c769k:qv4ItTdwHDYaan0K6W
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

netwirebotnetpersistenceratstealer

© 2018-2025

Terms | Privacy