netwire | afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f
Size

796KB
Sample

240915-pdq5jashmf
MD5

5c7fcc11b2a9d0c9e891946a9d36067a
SHA1

8e3e22d19d12f4836e2b7c9f42d84cf7faf91907
SHA256

afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f
SHA512

aa4c6b2204187d708a3ba8c572ed3b17032b7f623a2f65c2687bdcc56aec16ec54d9b2633416932f070fcdbb25ade48b4fa40969c4eef40beb5c6c53c6c66c47
SSDEEP

24576:ldmo30ahMwQWnagWWt34TWvZQiyMPvDpbB:vRyMXP

Score

10^/10

netwire botnet discovery persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f.exe

Resource

win10v2004-20240802-en

netwire botnet discovery persistence rat stealer

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f.exe

Resource

win11-20240802-en

netwire botnet discovery persistence rat stealer

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

localupdate.ns02.info:1443

LOCALSERVER.ns01.US:1443

dnsresoIve.ns01.US:1443

PLUGINUPDATES.duckdns.org:1443

updateavlocalgenuine.com:1443

dnsresolve.nsl1.cc:1443

Attributes

activex_autorun
false
activex_key
{A3N5KUJ4-U7S4-6J45-1DJ6-32HM4W8Q0615}
copy_executable
false
delete_original
false
host_id
ADM-%Rand%
lock_executable
false
offline_keylogger
false
password
DuleX
registry_autorun
false
use_mutex
false

Targets

- Target
  
  afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f
- Size
  
  796KB
- MD5
  
  5c7fcc11b2a9d0c9e891946a9d36067a
- SHA1
  
  8e3e22d19d12f4836e2b7c9f42d84cf7faf91907
- SHA256
  
  afd26079505c52f938bf1af51d8633833a7a8804b4a8171487e26dd06c84735f
- SHA512
  
  aa4c6b2204187d708a3ba8c572ed3b17032b7f623a2f65c2687bdcc56aec16ec54d9b2633416932f070fcdbb25ade48b4fa40969c4eef40beb5c6c53c6c66c47
- SSDEEP
  
  24576:ldmo30ahMwQWnagWWt34TWvZQiyMPvDpbB:vRyMXP
Score

10^/10

netwire botnet discovery persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoverypersistenceratstealer

behavioral2

netwirebotnetdiscoverypersistenceratstealer

© 2018-2025

Terms | Privacy