netwire | ced6da7eff48a5ca7ea68346b9dacfbf0da34083df6cc4e40f28e1f85a943466 | Triage

Submit
Reports

Overview

overview

Static

static

cf0072564f...18.exe

windows7-x64

cf0072564f...18.exe

windows10-2004-x64

Sharing

General

Target

cf0072564f42fa9fe2a292fed5e22b1e_JaffaCakes118
Size

105KB
Sample

240906-jbxawatgqh
MD5

cf0072564f42fa9fe2a292fed5e22b1e
SHA1

7006e1ee17c5eb87d25c5826439f464b6ce22c32
SHA256

ced6da7eff48a5ca7ea68346b9dacfbf0da34083df6cc4e40f28e1f85a943466
SHA512

3114d3e7a1dfe3ea71006b8c45f3bca503164970c19cf77afbaa3115db63c6c8149c4dd68941f1ae59d8f233f6ba76a37e05747f8e080ff02f8a5101c34a0c32
SSDEEP

1536:W+kWqNoD2BUvkeO6Vwu1CwNGG6nJnwSN3QPD6B1FfZ1qkHQemwZSbUgoDwSTynU:WdWSUvu0CwNcnFzZI+myDXTynU

Score

10^/10

netwire botnet rat stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cf0072564f42fa9fe2a292fed5e22b1e_JaffaCakes118.exe

Resource

win7-20240903-en

netwire botnet rat stealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf0072564f42fa9fe2a292fed5e22b1e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

netwire botnet rat stealer

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

engine79.ddns.net:4414

chrisle79.ddns.net:4414

jacknop79.ddns.net:4414

smath79.ddns.net:4414

whatis79.ddns.net:4414

goodgt79.ddns.net:4414

bonding79.ddns.net:4414

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
June 2019
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
nrYPKjrp
offline_keylogger
true
password
Password2$
registry_autorun
false
use_mutex
true

Targets

- Target
  
  cf0072564f42fa9fe2a292fed5e22b1e_JaffaCakes118
- Size
  
  105KB
- MD5
  
  cf0072564f42fa9fe2a292fed5e22b1e
- SHA1
  
  7006e1ee17c5eb87d25c5826439f464b6ce22c32
- SHA256
  
  ced6da7eff48a5ca7ea68346b9dacfbf0da34083df6cc4e40f28e1f85a943466
- SHA512
  
  3114d3e7a1dfe3ea71006b8c45f3bca503164970c19cf77afbaa3115db63c6c8149c4dd68941f1ae59d8f233f6ba76a37e05747f8e080ff02f8a5101c34a0c32
- SSDEEP
  
  1536:W+kWqNoD2BUvkeO6Vwu1CwNGG6nJnwSN3QPD6B1FfZ1qkHQemwZSbUgoDwSTynU:WdWSUvu0CwNcnFzZI+myDXTynU
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2025

Terms | Privacy