netwire | ee1a3b6747408c19a04a7bd69a4af9d81e71637a49ea16834e9e5ad381be4241 | Triage

Submit
Reports

Overview

overview

Static

static

3

81e62e155a...18.exe

windows7-x64

81e62e155a...18.exe

windows10-2004-x64

Sharing

General

Target

81e62e155aa60cb563f4abb72e2d7545_JaffaCakes118
Size

250KB
Sample

240529-zrzzpsad65
MD5

81e62e155aa60cb563f4abb72e2d7545
SHA1

64c7ff05b6043a53e3c5b32f9d1610c7a711b274
SHA256

ee1a3b6747408c19a04a7bd69a4af9d81e71637a49ea16834e9e5ad381be4241
SHA512

906352611c7dc7b8204ad91faacba3f89006245f6d6d739fe24dfcd2edf4e8c48323009f7fafb96ea072d0affaaa80ce78456b7d151a6b0d24514c04eba0ecba
SSDEEP

6144:q1BLCofs/ic8Uo1DeXggJYXRYhxhjuk618HMqWIpbsQO:oLCCsKsuUJY2GH8KUQx

Score

10^/10

netwire botnet rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

81e62e155aa60cb563f4abb72e2d7545_JaffaCakes118.exe

Resource

win7-20240508-en

netwire botnet rat stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

81e62e155aa60cb563f4abb72e2d7545_JaffaCakes118.exe

Resource

win10v2004-20240426-en

netwire botnet rat stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

mardjdf.ug:6974

kjsdtrfuyhgxcv.ru:6974

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Tlogs\
lock_executable
false
mutex
hgdGIATE
offline_keylogger
true
password
rdfs34df32sdf
registry_autorun
false
use_mutex
true

Targets

- Target
  
  81e62e155aa60cb563f4abb72e2d7545_JaffaCakes118
- Size
  
  250KB
- MD5
  
  81e62e155aa60cb563f4abb72e2d7545
- SHA1
  
  64c7ff05b6043a53e3c5b32f9d1610c7a711b274
- SHA256
  
  ee1a3b6747408c19a04a7bd69a4af9d81e71637a49ea16834e9e5ad381be4241
- SHA512
  
  906352611c7dc7b8204ad91faacba3f89006245f6d6d739fe24dfcd2edf4e8c48323009f7fafb96ea072d0affaaa80ce78456b7d151a6b0d24514c04eba0ecba
- SSDEEP
  
  6144:q1BLCofs/ic8Uo1DeXggJYXRYhxhjuk618HMqWIpbsQO:oLCCsKsuUJY2GH8KUQx
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

© 2018-2024

Terms | Privacy