netwire | aa678a0d186a699538402b004c68a19305ccc364f8d2b74eb07ccec9a0eecd55 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...6b.exe

windows7-x64

JaffaCakes...6b.exe

windows10-2004-x64

5

Sharing

General

Target

JaffaCakes118_8ec57ed96acbf703ffce25d772b9456b
Size

687KB
Sample

250108-gggq9swqh1
MD5

8ec57ed96acbf703ffce25d772b9456b
SHA1

dc9b2ad36eca610c4648ad52d748321377c0d089
SHA256

aa678a0d186a699538402b004c68a19305ccc364f8d2b74eb07ccec9a0eecd55
SHA512

89613cf7e4999d36c27e6e871046cecfd0e81af66e0a3d4a8a28ad870d5ac09e631fb5e5495415472b79ebb779727a1086ffc5038e1a12cfcb71b76f09352a14
SSDEEP

12288:DAlwC3XcfrcZ68FCAYNETcGoImVs8J2mQ1+qSJ8l61wfgRyw:cwOkCdYNETcDIj8Q/1+rJAtfF

Score

10^/10

netwire botnet discovery persistence rat stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8ec57ed96acbf703ffce25d772b9456b.exe

Resource

win7-20240729-en

netwire botnet discovery persistence rat stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8ec57ed96acbf703ffce25d772b9456b.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

corected0.duckdns.org:54213

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\FuTrU\Logs\
lock_executable
true
mutex
ueAtXIon
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  JaffaCakes118_8ec57ed96acbf703ffce25d772b9456b
- Size
  
  687KB
- MD5
  
  8ec57ed96acbf703ffce25d772b9456b
- SHA1
  
  dc9b2ad36eca610c4648ad52d748321377c0d089
- SHA256
  
  aa678a0d186a699538402b004c68a19305ccc364f8d2b74eb07ccec9a0eecd55
- SHA512
  
  89613cf7e4999d36c27e6e871046cecfd0e81af66e0a3d4a8a28ad870d5ac09e631fb5e5495415472b79ebb779727a1086ffc5038e1a12cfcb71b76f09352a14
- SSDEEP
  
  12288:DAlwC3XcfrcZ68FCAYNETcGoImVs8J2mQ1+qSJ8l61wfgRyw:cwOkCdYNETcDIj8Q/1+rJAtfF
Score

10^/10

netwire botnet discovery persistence rat stealer upx
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoverypersistenceratstealerupx

behavioral2

© 2018-2025

Terms | Privacy