netwire | 9ccc6b26315468a08a3822ff6d180d5525bbd3c80b91a0e31502e256876d033f | Triage

Sharing

General

Target

7b527aa6b088479c8ae3d69ce13f374f_JaffaCakes118
Size

237KB
Sample

240528-cghaksbh57
MD5

7b527aa6b088479c8ae3d69ce13f374f
SHA1

a668c9895849396d44f37d65d3295d1bd33d27b5
SHA256

9ccc6b26315468a08a3822ff6d180d5525bbd3c80b91a0e31502e256876d033f
SHA512

565f41f827ebffbd8eaa3ceb03a5ee6e83d56a4e1e211502f18e3eb35ba7d84e928823500227e04ac409691b282b2fe3759a52f50735226b2c3753afeac0c40f
SSDEEP

6144:j1onDQ94fjMci/K62iofEHUMEY0+h2teAfH:BoDQ9AME62iofEHf2fnP

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

88.150.227.73:1945

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HAVANA-%Rand%
keylogger_dir
%AppData%\Havana\
lock_executable
false
mutex
poTGpHhl
offline_keylogger
true
password
WeWillFuckTheWorld078
registry_autorun
false
use_mutex
true

Targets

- Target
  
  7b527aa6b088479c8ae3d69ce13f374f_JaffaCakes118
- Size
  
  237KB
- MD5
  
  7b527aa6b088479c8ae3d69ce13f374f
- SHA1
  
  a668c9895849396d44f37d65d3295d1bd33d27b5
- SHA256
  
  9ccc6b26315468a08a3822ff6d180d5525bbd3c80b91a0e31502e256876d033f
- SHA512
  
  565f41f827ebffbd8eaa3ceb03a5ee6e83d56a4e1e211502f18e3eb35ba7d84e928823500227e04ac409691b282b2fe3759a52f50735226b2c3753afeac0c40f
- SSDEEP
  
  6144:j1onDQ94fjMci/K62iofEHUMEY0+h2teAfH:BoDQ9AME62iofEHf2fnP
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  3e277798b9d8f48806fbb5ebfd4990db
- SHA1
  
  d1ab343c5792bc99599ec7acba506e8ba7e05969
- SHA256
  
  fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c
- SHA512
  
  84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92
- SSDEEP
  
  192:d4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjsK72dwF7dBOne:Wn3T5KdHCMRD/R1cOnrjs+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  b5a1f9dc73e2944a388a61411bdd8c70
- SHA1
  
  dc9b20df3f3810c2e81a0c54dea385704ba8bef7
- SHA256
  
  288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
- SHA512
  
  b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8
- SSDEEP
  
  96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH
Score

3^/10
behavioral7 behavioral8
- Target
  
  uninstall.exe
- Size
  
  58KB
- MD5
  
  a53a912fab731bed752d8421d7de4dd2
- SHA1
  
  90289c2fa0c47350cd85ea1cb5d5e13de27f551a
- SHA256
  
  960293e0cfc7f99fe7d6f90065e3712c0ebfdfb3a259e9d2758fe305aa57c61a
- SHA512
  
  f9e2c3ccf04664bfd90f8d30ab35e8be64b5c6cc0b5d8d795a7d7b514a50277831637a4acbbe03113bb3c17abec9765122e3122e7c12672e278505d2d56feda6
- SSDEEP
  
  1536:j1E/rzW2pakRmB7BW3nKsciPgdLeAyN0X7qgFXYtP:j1E/rS2paccKntcqceAD7vFXYtP
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12