netwire | 3efdd12e1b22a0d5fba33eee2d25867bd91f26044871f5aba5b5a6c7b474ae17 | Triage

Submit
Reports

Overview

overview

Static

static

3

7D8C065130...68.exe

windows7-x64

7D8C065130...68.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3efdd12e1b22a0d5fba33eee2d25867bd91f26044871f5aba5b5a6c7b474ae17
Size

39.8MB
Sample

241221-ye94gaxqhp
MD5

1a2146ae7ee8d609ed0cd59b976f63f4
SHA1

716d9616bc0026ab3c4b4903fcd2deb3ed7e2829
SHA256

3efdd12e1b22a0d5fba33eee2d25867bd91f26044871f5aba5b5a6c7b474ae17
SHA512

6e011a5e25f7b458203b8e765d75962d6bf59fe53cd3b94e17c381a5f52ba149c9d53dcd9a2c17171c93809e45e7695a25684eac8dc72739461433bfea87f331
SSDEEP

786432:juJ5/47J70UB5ee4rwG8EHqXGz93zk4AygOsOg+nbrGXjAFgb7cSOi8ROsK5s6Qz:jgw7J7rB5T486HAGz93zk4AygDOg++Xw

Score

10^/10

netwire botnet discovery evasion rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7D8C0651308979082BCD3612A6A88D1C083B768300F2E7B5494471AF897A0C68.exe

Resource

win7-20240708-en

netwire botnet discovery evasion rat stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

7D8C0651308979082BCD3612A6A88D1C083B768300F2E7B5494471AF897A0C68.exe

Resource

win10v2004-20241007-en

netwire botnet discovery evasion rat stealer

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

alice2019.myftp.biz:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
OSCARO2021
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  7D8C0651308979082BCD3612A6A88D1C083B768300F2E7B5494471AF897A0C68
- Size
  
  39.9MB
- MD5
  
  b855c5f1fb3f6fc293f8f02671d4da7e
- SHA1
  
  67d9385d50afd152bdfc435ae234f933bfbdeb90
- SHA256
  
  7d8c0651308979082bcd3612a6a88d1c083b768300f2e7b5494471af897a0c68
- SHA512
  
  d737daa9dd3d3fe792f2ba2dd9a7d6093e6702d2d5a35dee8321493131ec22844be037502eab5a8ec35f389d91786115e9d541bc480f37b737155680add8974e
- SSDEEP
  
  786432:RsZE57/40KmvXsx+rJe9AAPLIwCKsrZs32a4nU/StfOrUuo/3yvWmo/4RT+PcNmy:Rsa1KEjryA8Xo232aiCSyTCyHRTx
Score

10^/10

netwire botnet discovery evasion rat stealer
- Modifies firewall policy service
  evasion
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryevasionratstealer

behavioral2

netwirebotnetdiscoveryevasionratstealer

© 2018-2025

Terms | Privacy