netwire | 061506c9e5c7a713d67861b446f84639330eb6b1f1d33c9702441b8a69e84459 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...d2.exe

windows7-x64

JaffaCakes...d2.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_f04cc83399b31a729f2422c62f3855d2
Size

172KB
Sample

250110-2qn7xs1pc1
MD5

f04cc83399b31a729f2422c62f3855d2
SHA1

fc54c566fcc87aa096fd58f1250f6123b91c8240
SHA256

061506c9e5c7a713d67861b446f84639330eb6b1f1d33c9702441b8a69e84459
SHA512

e3b1ea17b2fcdc012082f887ae42e8fbe2ac52c3c664499eccb90c6d2db691ff125da0200288447654abab7671a8d0b5789c7eb2907fbf818c720a1fc5e8df76
SSDEEP

3072:X6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZV:Xd0Ih532Kd3zjL7S1kEl7jyaFJm

Score

10^/10

netwire botnet discovery rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f04cc83399b31a729f2422c62f3855d2.exe

Resource

win7-20240903-en

netwire botnet discovery rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_f04cc83399b31a729f2422c62f3855d2.exe

Resource

win10v2004-20241007-en

netwire botnet discovery rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

185.84.181.95:8977

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
LAGOS NAWA
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  JaffaCakes118_f04cc83399b31a729f2422c62f3855d2
- Size
  
  172KB
- MD5
  
  f04cc83399b31a729f2422c62f3855d2
- SHA1
  
  fc54c566fcc87aa096fd58f1250f6123b91c8240
- SHA256
  
  061506c9e5c7a713d67861b446f84639330eb6b1f1d33c9702441b8a69e84459
- SHA512
  
  e3b1ea17b2fcdc012082f887ae42e8fbe2ac52c3c664499eccb90c6d2db691ff125da0200288447654abab7671a8d0b5789c7eb2907fbf818c720a1fc5e8df76
- SSDEEP
  
  3072:X6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZV:Xd0Ih532Kd3zjL7S1kEl7jyaFJm
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer

© 2018-2025

Terms | Privacy