netwire | 1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb | Triage

Submit
Reports

Overview

overview

Static

static

5

1b15ef17cc...bb.exe

windows7-x64

1b15ef17cc...bb.exe

windows10-2004-x64

Resubmissions

10-07-2024 08:09

240710-j2cddswepr 10

24-06-2024 09:09

240624-k4rrjaxhnm 10

Sharing

General

Target

1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb
Size

1.6MB
Sample

240710-j2cddswepr
MD5

e33ca6e0ec223d2b3e958131424eff4a
SHA1

95d900e5915d99ad55fb24ed8c6d04a804035b45
SHA256

1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb
SHA512

330731c2fda4b2af15d13bd7469d79d7ec14039da61fb763cfe030bf91f1244856a9c9e32a89e19a55363e82e5aba2cb3718599089d01314ca675a1dafabbd56
SSDEEP

24576:Atb20pkaCqT5TBWgNQ7a5r9eU1q1ndOeBJ4OlOO5qVm7qv6A:JVg5tQ7a3eU1qZdR+Ool5

Score

10^/10

netwire botnet rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb.exe

Resource

win7-20240708-en

netwire botnet rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb.exe

Resource

win10v2004-20240709-en

netwire botnet rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

ihracat.myq-see.com:5770

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
2020-Clienst
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
hsFkbJUl
offline_keylogger
true
password
backdooR1
registry_autorun
false
use_mutex
true

Targets

- Target
  
  1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb
- Size
  
  1.6MB
- MD5
  
  e33ca6e0ec223d2b3e958131424eff4a
- SHA1
  
  95d900e5915d99ad55fb24ed8c6d04a804035b45
- SHA256
  
  1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb
- SHA512
  
  330731c2fda4b2af15d13bd7469d79d7ec14039da61fb763cfe030bf91f1244856a9c9e32a89e19a55363e82e5aba2cb3718599089d01314ca675a1dafabbd56
- SSDEEP
  
  24576:Atb20pkaCqT5TBWgNQ7a5r9eU1q1ndOeBJ4OlOO5qVm7qv6A:JVg5tQ7a3eU1qZdR+Ool5
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy