netwire | 5d3cd35b14139a2a6e67171db87a035c3da9aba952969197e41fa78abdf7ff4e | Triage

Submit
Reports

Overview

overview

Static

static

3

New Order1...pj.exe

windows7-x64

New Order1...pj.exe

windows10-2004-x64

Sharing

General

Target

New Order14112016‮gpj.exe
Size

780KB
Sample

240527-rszrbsfe6w
MD5

f4e294e4ff1d37874053074e502349ec
SHA1

ada0f22588448ffc218556ce12b045316d1ee418
SHA256

5d3cd35b14139a2a6e67171db87a035c3da9aba952969197e41fa78abdf7ff4e
SHA512

c81582ce3119cc670f6092c82a525dc0fb9a4b68427646a7bc04fe0e0814845a82782c4284c5576453bc944f660778dc836d784d7f5fd780c56a101574cb0328
SSDEEP

3072:lD7fFC3Xi1NCvsHrryNyXtYUKucJcmGUcBCEHl5HHghiUjIyDvUmTncs4U+21s8D:lv06NIIKOm+YSHllAhxc2smYsvds8WC

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Order14112016‮gpj.exe

Resource

win7-20240508-en

netwire botnet rat stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order14112016‮gpj.exe

Resource

win10v2004-20240226-en

netwire botnet rat stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

190.123.44.137:3369

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  New Order14112016‮gpj.exe
- Size
  
  780KB
- MD5
  
  f4e294e4ff1d37874053074e502349ec
- SHA1
  
  ada0f22588448ffc218556ce12b045316d1ee418
- SHA256
  
  5d3cd35b14139a2a6e67171db87a035c3da9aba952969197e41fa78abdf7ff4e
- SHA512
  
  c81582ce3119cc670f6092c82a525dc0fb9a4b68427646a7bc04fe0e0814845a82782c4284c5576453bc944f660778dc836d784d7f5fd780c56a101574cb0328
- SSDEEP
  
  3072:lD7fFC3Xi1NCvsHrryNyXtYUKucJcmGUcBCEHl5HHghiUjIyDvUmTncs4U+21s8D:lv06NIIKOm+YSHllAhxc2smYsvds8WC
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy