netwire | 612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e | Triage

Submit
Reports

Overview

overview

Static

static

8

WACKER - 0...47.xls

windows7_x64

WACKER - 0...47.xls

windows10_x64

Sharing

General

Target

WACKER - 000160847.xls
Size

1.1MB
Sample

200630-ng77a5pbve
MD5

9e2c88810138b0856bda192ae70d34c4
SHA1

579853532fadf08ef8ed7369d6d596af619bdf5a
SHA256

612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e
SHA512

eb6d05e14c0fcf4747970f3c1d9f227837a3ff04b88c5ad802c643453ee4978e4e080575016f4210e934d27a967e80cbf7c29f0e375a810be5067c94b52f1318

Score

10^/10

netwire botnet evasion macro rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

WACKER - 000160847.xls

Resource

win7

evasion spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

WACKER - 000160847.xls

Resource

win10v200430

rat botnet stealer netwire

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://officeservicecorp.biz/Lab.jpg

Targets

- Target
  
  WACKER - 000160847.xls
- Size
  
  1.1MB
- MD5
  
  9e2c88810138b0856bda192ae70d34c4
- SHA1
  
  579853532fadf08ef8ed7369d6d596af619bdf5a
- SHA256
  
  612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e
- SHA512
  
  eb6d05e14c0fcf4747970f3c1d9f227837a3ff04b88c5ad802c643453ee4978e4e080575016f4210e934d27a967e80cbf7c29f0e375a810be5067c94b52f1318
Score

10^/10

evasion spyware trojan rat botnet stealer netwire
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojan

behavioral2

ratbotnetstealernetwire

© 2018-2024

Terms | Privacy