netwire | 1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4 | Triage

Submit
Reports

Overview

overview

Static

static

3

1fb6f5111d...c4.exe

windows7-x64

1fb6f5111d...c4.exe

windows10-2004-x64

Sharing

General

Target

1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4
Size

172KB
Sample

241126-zr243ayrhw
MD5

24586762b03e906849a15895e99d261e
SHA1

08ff863d6afb675acf30119da70fee5f871d46cb
SHA256

1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4
SHA512

5ba96ba63a986974d740ef6236152802eb2bf4e8ca24c1f2e84868e412b0eb242d7890ca891fdc22b57d0beba97c1e7a44ecf4b884fdaaaad4036212ee90a609
SSDEEP

3072:96RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZzq:9d0Ih532Kd3zjL7S1kEl7jyaFJm6

Score

10^/10

netwire botnet discovery rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4.exe

Resource

win7-20240903-en

netwire botnet discovery rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4.exe

Resource

win10v2004-20241007-en

netwire botnet discovery rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.84.181.95:8977

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
LAGOS NAWA
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4
- Size
  
  172KB
- MD5
  
  24586762b03e906849a15895e99d261e
- SHA1
  
  08ff863d6afb675acf30119da70fee5f871d46cb
- SHA256
  
  1fb6f5111d897067dac0ee98900dd4d801c0fcd54661b620179c4fb35abcfec4
- SHA512
  
  5ba96ba63a986974d740ef6236152802eb2bf4e8ca24c1f2e84868e412b0eb242d7890ca891fdc22b57d0beba97c1e7a44ecf4b884fdaaaad4036212ee90a609
- SSDEEP
  
  3072:96RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZzq:9d0Ih532Kd3zjL7S1kEl7jyaFJm6
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer

© 2018-2025

Terms | Privacy