netwire | 910c19bc45d9dfebed20bea969b6518403647a4dbda902ce136532c305819b37 | Triage

Submit
Reports

Overview

overview

Static

static

dac37ef31a...18.exe

windows7-x64

dac37ef31a...18.exe

windows10-2004-x64

Sharing

General

Target

dac37ef31af77ad682732e31a77b367e_JaffaCakes118
Size

200KB
Sample

241209-v7hm5svqhv
MD5

dac37ef31af77ad682732e31a77b367e
SHA1

08fac654b27bef367e35d365f95bb58817bcc53c
SHA256

910c19bc45d9dfebed20bea969b6518403647a4dbda902ce136532c305819b37
SHA512

080e2a54c42abfdec15d3f581e9066301dcf32d5fcc3f8922f18354c8086e9e8632fbc93ed6bab8c825e3d57e8c905d8facd4e8f72528e55dc8f71ed5590b5f6
SSDEEP

6144:POTcK+NrRioGHlz8rz0i/szQqqDvFfbD8/8g:HK+Nr8MrYi/CqRDD8/

Score

10^/10

netwire botnet discovery persistence rat stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

dac37ef31af77ad682732e31a77b367e_JaffaCakes118.exe

Resource

win7-20240903-en

netwire botnet discovery persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dac37ef31af77ad682732e31a77b367e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

netwire botnet discovery persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

haija.mine.nu:1338

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
aegispirate
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
OOxTmvdD
offline_keylogger
true
password
qays1122
registry_autorun
true
startup_name
chrome
use_mutex
true

Targets

- Target
  
  dac37ef31af77ad682732e31a77b367e_JaffaCakes118
- Size
  
  200KB
- MD5
  
  dac37ef31af77ad682732e31a77b367e
- SHA1
  
  08fac654b27bef367e35d365f95bb58817bcc53c
- SHA256
  
  910c19bc45d9dfebed20bea969b6518403647a4dbda902ce136532c305819b37
- SHA512
  
  080e2a54c42abfdec15d3f581e9066301dcf32d5fcc3f8922f18354c8086e9e8632fbc93ed6bab8c825e3d57e8c905d8facd4e8f72528e55dc8f71ed5590b5f6
- SSDEEP
  
  6144:POTcK+NrRioGHlz8rz0i/szQqqDvFfbD8/8g:HK+Nr8MrYi/CqRDD8/
Score

10^/10

netwire botnet discovery persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoverypersistenceratstealer

behavioral2

netwirebotnetdiscoverypersistenceratstealer

© 2018-2025

Terms | Privacy