General

  • Target

    311efd8e7e6ce85922d5d86da90ecf57dce4fb6fbbc7ef965107618a94929008.zip

  • Size

    305KB

  • Sample

    250325-va6cyasqt7

  • MD5

    15b926b99447dee86bc97889e2adcd96

  • SHA1

    5984a68a5e34215d05482b4b05720149cabe2caf

  • SHA256

    311efd8e7e6ce85922d5d86da90ecf57dce4fb6fbbc7ef965107618a94929008

  • SHA512

    2fa3be48515db52b1075fced63e85fa5a9d5db130ed2b508716e4d26fd6f7e4c6e0b20b069547ac1e9cc0d740bb9b02e096e93cb5273b2af0289bd31585c8b0a

  • SSDEEP

    6144:bSC0hvGUPWBOFWSTUADuvGR7s1110pHTx3F+jhMPuxFQ:mb62WCUAu5ixRFkq8Q

Malware Config

Extracted

Family

netwire

C2

pre08080.nsupdate.info:4770

dora21.duckdns.org:4770

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      f4af46ad96a86cad60d613a3387a0a68c580247ef88943e2ea0e5b9679a38c2e.exe

    • Size

      1.0MB

    • MD5

      0e4f29b6131f087e7fab5592df2c8a5a

    • SHA1

      53401638d823a38cc4c97e841e6ea87fb9e27f08

    • SHA256

      f4af46ad96a86cad60d613a3387a0a68c580247ef88943e2ea0e5b9679a38c2e

    • SHA512

      c359a480c1fe03e8e16cc9005b7cb513a4e9ffec90a9b1ad34bbfc568174432a1028bcafca698590aa44003cd3d92d3421dfa79a6af413cb618817e8716a1491

    • SSDEEP

      12288:WIsFHjuJv7DJ5cYkKwR17iUpCFLchjNOFkOhMH6FpfMH81rqL:gjuvhprUKL+p4fa81i

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Netwire family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
