netwire | b14ea2f152e1a5710ae3c34f8d98bf85e8d07bfe48a2e03b4987272b0d783855 | Triage

Submit
Reports

Overview

overview

Static

static

3

b0756a1405...18.exe

windows7-x64

b0756a1405...18.exe

windows10-2004-x64

Sharing

General

Target

b0756a14058ba24ffa31d03c5a15c2ee_JaffaCakes118
Size

268KB
Sample

240615-2jy4jsxdpc
MD5

b0756a14058ba24ffa31d03c5a15c2ee
SHA1

fa92daf4a6963160e131e543c8c2a51dd8efd84e
SHA256

b14ea2f152e1a5710ae3c34f8d98bf85e8d07bfe48a2e03b4987272b0d783855
SHA512

5591f61543b8751e3d5ffab83b6fcf7c61dc601a0c80332d05b30460aecbc7a22693d34f30e51ac8e6b67bd74cb7f0ac9459304a4bccd4e572be833374b1e415
SSDEEP

6144:XyBLkXVtU8FTskYpYr+ufYQxiaBXozlQuUCrST:XyBLkXHUwwfpJmYQcaBgvUNT

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b0756a14058ba24ffa31d03c5a15c2ee_JaffaCakes118.exe

Resource

win7-20240221-en

netwire botnet rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b0756a14058ba24ffa31d03c5a15c2ee_JaffaCakes118.exe

Resource

win10v2004-20240508-en

netwire botnet rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

fingers1.ddns.net:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  b0756a14058ba24ffa31d03c5a15c2ee_JaffaCakes118
- Size
  
  268KB
- MD5
  
  b0756a14058ba24ffa31d03c5a15c2ee
- SHA1
  
  fa92daf4a6963160e131e543c8c2a51dd8efd84e
- SHA256
  
  b14ea2f152e1a5710ae3c34f8d98bf85e8d07bfe48a2e03b4987272b0d783855
- SHA512
  
  5591f61543b8751e3d5ffab83b6fcf7c61dc601a0c80332d05b30460aecbc7a22693d34f30e51ac8e6b67bd74cb7f0ac9459304a4bccd4e572be833374b1e415
- SSDEEP
  
  6144:XyBLkXVtU8FTskYpYr+ufYQxiaBXozlQuUCrST:XyBLkXHUwwfpJmYQcaBgvUNT
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy