netwire | b635b825c59ef2604faef4ff8d6f1b97ed7af8af134a5aa7eb518210ffbcd2f3 | Triage

Sharing

General

Target

2512400a57cc5bcea15c91e25815ab7a_JaffaCakes118
Size

320KB
Sample

241008-zcc7dsxfnc
MD5

2512400a57cc5bcea15c91e25815ab7a
SHA1

6e7aeaa6cbba4a8b0436db04af9b9fe02f41a3d1
SHA256

b635b825c59ef2604faef4ff8d6f1b97ed7af8af134a5aa7eb518210ffbcd2f3
SHA512

675517534cbdd753fc91d6b887005e1bd437f2fffde6541df261d710803bfcef0a497b3bd491bea8a9db39d833563f7fac30238b35cde68812a26dcef8c58e71
SSDEEP

3072:Z8DWAEdnlqfDrImwhs3viexsI8EsnnuvGEO1g03ifNJcT2b/2v/cX1fmu8UO:aHgi3qeThsuCKfsTc23g1fmu8U

Score

10^/10

netwire botnet discovery rat stealer

Malware Config

Extracted

Family

netwire

C2

wealthyman.brasilia.me:39560

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
WEALTH
keylogger_dir
%AppData%\music\
lock_executable
false
offline_keylogger
true
password
sucess
registry_autorun
false
use_mutex
false

Targets

- Target
  
  2512400a57cc5bcea15c91e25815ab7a_JaffaCakes118
- Size
  
  320KB
- MD5
  
  2512400a57cc5bcea15c91e25815ab7a
- SHA1
  
  6e7aeaa6cbba4a8b0436db04af9b9fe02f41a3d1
- SHA256
  
  b635b825c59ef2604faef4ff8d6f1b97ed7af8af134a5aa7eb518210ffbcd2f3
- SHA512
  
  675517534cbdd753fc91d6b887005e1bd437f2fffde6541df261d710803bfcef0a497b3bd491bea8a9db39d833563f7fac30238b35cde68812a26dcef8c58e71
- SSDEEP
  
  3072:Z8DWAEdnlqfDrImwhs3viexsI8EsnnuvGEO1g03ifNJcT2b/2v/cX1fmu8UO:aHgi3qeThsuCKfsTc23g1fmu8U
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer