Manuel Statik Analiz — NetWire RAT | Tehdit: YUKSEK

Fichier Kimligi

SHA25673cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
Taille169.472 byte
String Sayisi1.016

GeoIP Kontrolu

http://www.yandex.com   -- GeoIP / kurban lokasyon tespiti

Chrome Kimlik Bilgisi Calma

%s\Google\Chrome\User Data\Default\Login Data
-- Google Chrome sifreli parola veritabani
encryptedPassword, encryptedUsername, encrypted_key

NetWire Protokol

HostId, Host: %s        -- NetWire C2 protocol header
T4 C2W                  -- C2 sekman isareti

IOC

SHA25673cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
ChromeLogin Data hedefi
Geo Checkhttp://www.yandex.com

NetWire — Profil du malware

NetWireRAT. 88-hex ChaCha20 key+nonce. Embedded PCRE regex engine. Credential pattern matching.

Type de malware
RAT
Langage de programmation
C
Protocole C2
TCP
Systèmes ciblés
Windows/Linux/macOS

Capacités et comportement

Uzaktan Erişim & Kontrol
Keylogger
Ekran Görüntüsü
Webcam Erişimi
Dosya Yönetimi
Süreç Yönetimi
Komut Yürütme
Kalıcılık Mekanizması

Liste IOC (1 indicateurs)

IOC — NetWire
# SHA256 73cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
TypeValeurNote
sha256 73cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
Tags
netwireratchromecredential-theftyandex-geoiphostid