netwire | d05b01de0d1bd816e1024cb47ba0b5c2205cc3aa274e466d59a39052ad945c36 | Triage

Submit
Reports

Overview

overview

Static

static

3

c43f9a6bbb...18.exe

windows7-x64

c43f9a6bbb...18.exe

windows10-2004-x64

Sharing

General

Target

c43f9a6bbb9ae4e618d4a72c626259d4_JaffaCakes118
Size

540KB
Sample

240827-djc93szaqc
MD5

c43f9a6bbb9ae4e618d4a72c626259d4
SHA1

b0d56df59de23d693e9d2bcfde5569c683895715
SHA256

d05b01de0d1bd816e1024cb47ba0b5c2205cc3aa274e466d59a39052ad945c36
SHA512

9b237dbcb32e0e5cba0d15c954c6bd830cee42d0235083a3d6dff49e6b25968ae797006fe432a264ee59b3e2139b0b40fd6479dfb14c2912df1cf91abb3a6fb6
SSDEEP

3072:lYFzyxPM+ETS8wwyd+Z9vZ9hiCeZI9rliT/qyqms1XIfnEL08kRk60RjH:lYJyxPML/OwFhiu9rlqa71MEL0P7uj

Score

10^/10

netwire botnet discovery rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c43f9a6bbb9ae4e618d4a72c626259d4_JaffaCakes118.exe

Resource

win7-20240705-en

netwire botnet discovery rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c43f9a6bbb9ae4e618d4a72c626259d4_JaffaCakes118.exe

Resource

win10v2004-20240802-en

netwire botnet discovery rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

cowboyz.climatechangeawareness.uk:31256

Attributes

activex_autorun
true
activex_key
{3BGD0153-4IDF-FT00-RY63-XFA4O7NRPM6W}
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
pbNlVBON
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  c43f9a6bbb9ae4e618d4a72c626259d4_JaffaCakes118
- Size
  
  540KB
- MD5
  
  c43f9a6bbb9ae4e618d4a72c626259d4
- SHA1
  
  b0d56df59de23d693e9d2bcfde5569c683895715
- SHA256
  
  d05b01de0d1bd816e1024cb47ba0b5c2205cc3aa274e466d59a39052ad945c36
- SHA512
  
  9b237dbcb32e0e5cba0d15c954c6bd830cee42d0235083a3d6dff49e6b25968ae797006fe432a264ee59b3e2139b0b40fd6479dfb14c2912df1cf91abb3a6fb6
- SSDEEP
  
  3072:lYFzyxPM+ETS8wwyd+Z9vZ9hiCeZI9rliT/qyqms1XIfnEL08kRk60RjH:lYJyxPML/OwFhiu9rlqa71MEL0P7uj
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer

© 2018-2025

Terms | Privacy