netwire | 1081a008943d8c67a28d92519792534bd58927cc3f5a010cf4f1ffb04ef5ae04 | Triage

Submit
Reports

Overview

overview

Static

static

3

e49c09156b...18.exe

windows7-x64

e49c09156b...18.exe

windows10-2004-x64

Sharing

General

Target

e49c09156be771b3d16101905e9fa96f_JaffaCakes118
Size

275KB
Sample

240916-mv42lstbpc
MD5

e49c09156be771b3d16101905e9fa96f
SHA1

fe4436364fef2faea57bcf26e9d2a3e1e77224ad
SHA256

1081a008943d8c67a28d92519792534bd58927cc3f5a010cf4f1ffb04ef5ae04
SHA512

7db85fb962610a49f934dfe87afa953f29abaf0d84c18236c101dd3a2f9b99d5bc2c00b7991a15ae2d4cc0f7a9ddc43e8ac25fa47775bd6c894bf69d1f02a4a8
SSDEEP

3072:X3ZnQm4mdfCnsXBF3a/zfFitmrafgDgn+MryVVBJut7wuJhT4wOWq99Szv1ljhqb:n2m4mdKyFKzFOHfgDwK4R5OWq99SzLz

Score

10^/10

netwire botnet discovery rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e49c09156be771b3d16101905e9fa96f_JaffaCakes118.exe

Resource

win7-20240903-en

netwire botnet discovery rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e49c09156be771b3d16101905e9fa96f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

netwire botnet discovery rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

fingers1.ddns.net:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  e49c09156be771b3d16101905e9fa96f_JaffaCakes118
- Size
  
  275KB
- MD5
  
  e49c09156be771b3d16101905e9fa96f
- SHA1
  
  fe4436364fef2faea57bcf26e9d2a3e1e77224ad
- SHA256
  
  1081a008943d8c67a28d92519792534bd58927cc3f5a010cf4f1ffb04ef5ae04
- SHA512
  
  7db85fb962610a49f934dfe87afa953f29abaf0d84c18236c101dd3a2f9b99d5bc2c00b7991a15ae2d4cc0f7a9ddc43e8ac25fa47775bd6c894bf69d1f02a4a8
- SSDEEP
  
  3072:X3ZnQm4mdfCnsXBF3a/zfFitmrafgDgn+MryVVBJut7wuJhT4wOWq99Szv1ljhqb:n2m4mdKyFKzFOHfgDwK4R5OWq99SzLz
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer

© 2018-2025

Terms | Privacy