netwire | 4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28 | Triage

Submit
Reports

Overview

overview

Static

static

4cda545865...28.exe

windows7-x64

4cda545865...28.exe

windows10-2004-x64

Sharing

General

Target

4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28.exe
Size

160KB
Sample

240527-bgp5raag4y
MD5

e477181e703bd428f9346ffe3198e16f
SHA1

ca92071f9c5290450fc13f3c11b3cbca20d7b75b
SHA256

4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28
SHA512

284e7cca5ed9d3635b15fdb9d7d415f9f77986feb4997cabcba71de26a3ef9748bfa636b9b2bb4f9bf51b0adddecf9f8913139a044bef19f55855a9576f924bc
SSDEEP

3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvG3YMjMqqDuFf:jOTcK+NrRioGHlz8rz0i/uzQqqDuFf

Score

10^/10

netwire botnet rat stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28.exe

Resource

win10v2004-20240426-en

netwire botnet rat stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

43.226.229.43:2030

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
ECHO
install_path
%AppData%\Install\Host.exe
keylogger_dir
C:\Users\Administrator\AppData\Roaming\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
true
startup_name
NetWire
use_mutex
false

Targets

- Target
  
  4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28.exe
- Size
  
  160KB
- MD5
  
  e477181e703bd428f9346ffe3198e16f
- SHA1
  
  ca92071f9c5290450fc13f3c11b3cbca20d7b75b
- SHA256
  
  4cda545865d04de7de11c1e55d551a53096cbf9efe26bc61fe009695603f1b28
- SHA512
  
  284e7cca5ed9d3635b15fdb9d7d415f9f77986feb4997cabcba71de26a3ef9748bfa636b9b2bb4f9bf51b0adddecf9f8913139a044bef19f55855a9576f924bc
- SSDEEP
  
  3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvG3YMjMqqDuFf:jOTcK+NrRioGHlz8rz0i/uzQqqDuFf
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy