netwire | 924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e | Triage

Submit
Reports

Overview

overview

Static

static

5

9241692978...6e.exe

windows7-x64

9241692978...6e.exe

windows10-2004-x64

Sharing

General

Target

924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e
Size

1.3MB
Sample

250306-hv2h9s11cs
MD5

2f51ca6cf13a67f4308829b0e3b0dd0a
SHA1

427002da14744223c78ef2be5ea14dd5f60dbf28
SHA256

924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e
SHA512

b08591f62d1d9f4bec21b79812ff43f99a81933850f0c6b3ae4a0f5545ceaa51b94345add6d32b14bc5c13daeb112dd13875143c07a9666ea3b3a9b06b3620e5
SSDEEP

24576:dAHnh+eWsN3skA4RV1Hom2KXMmHacrDc8WChe5i:8h+ZkldoPK8YacUCyi

Score

10^/10

netwire botnet discovery rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e.exe

Resource

win7-20240903-en

netwire botnet discovery rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e.exe

Resource

win10v2004-20250217-en

netwire botnet discovery rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

jinomoney.publicvm.com:7890

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
uupPNKrk
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e
- Size
  
  1.3MB
- MD5
  
  2f51ca6cf13a67f4308829b0e3b0dd0a
- SHA1
  
  427002da14744223c78ef2be5ea14dd5f60dbf28
- SHA256
  
  924169297865bdc9b8f72b2a1dcf1bd50d03189d15f869bba91835d92bf42c6e
- SHA512
  
  b08591f62d1d9f4bec21b79812ff43f99a81933850f0c6b3ae4a0f5545ceaa51b94345add6d32b14bc5c13daeb112dd13875143c07a9666ea3b3a9b06b3620e5
- SSDEEP
  
  24576:dAHnh+eWsN3skA4RV1Hom2KXMmHacrDc8WChe5i:8h+ZkldoPK8YacUCyi
Score

10^/10

netwire botnet discovery rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetdiscoveryratstealer

behavioral2

netwirebotnetdiscoveryratstealer

© 2018-2025

Terms | Privacy