netwire

General

Target

JaffaCakes118_2f7b31f3520a3ea6fd82959836983acf
Size

363KB
Sample

250106-vhr6aatqan
MD5

2f7b31f3520a3ea6fd82959836983acf
SHA1

3648e665640bb02c62f8d67af5df2b5482c063f0
SHA256

2889880139ee0b2163ed1234a1eb80e5e0706822b8b632eb00459464d32bce82
SHA512

e786fe69647fb7518c0a7f5236c64031020f765a3e4302bc9b8012717bea1295de0c0c8ddba63f589155442081396bbc55f78cacb5b19f3f8308535bf7938fd9
SSDEEP

6144:J577n8zu2DqpZUBDc2emIg8bVmNZ47pzmiSTk1GgmVKXGLb2S:L7nqAJmNW74ixGnR

Score

10^/10

Malware Config

Extracted

Family

netwire

C2

globalpersonaldns.ddns.net:54984

personalpractice1.hopto.org:54984

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
clients
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
vQSrxiLN
offline_keylogger
true
password
checkmate123
registry_autorun
false
use_mutex
true

Targets

- Target
  
  JaffaCakes118_2f7b31f3520a3ea6fd82959836983acf
- Size
  
  363KB
- MD5
  
  2f7b31f3520a3ea6fd82959836983acf
- SHA1
  
  3648e665640bb02c62f8d67af5df2b5482c063f0
- SHA256
  
  2889880139ee0b2163ed1234a1eb80e5e0706822b8b632eb00459464d32bce82
- SHA512
  
  e786fe69647fb7518c0a7f5236c64031020f765a3e4302bc9b8012717bea1295de0c0c8ddba63f589155442081396bbc55f78cacb5b19f3f8308535bf7938fd9
- SSDEEP
  
  6144:J577n8zu2DqpZUBDc2emIg8bVmNZ47pzmiSTk1GgmVKXGLb2S:L7nqAJmNW74ixGnR
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

NetWire RAT payload

Netwire family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2