Manuel Statik Analiz — NetWire RAT | Tehdit: YUKSEK

Dosya Kimligi

SHA25673cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
Boyut169.472 byte
String Sayisi1.016

GeoIP Kontrolu

http://www.yandex.com   -- GeoIP / kurban lokasyon tespiti

Chrome Kimlik Bilgisi Calma

%s\Google\Chrome\User Data\Default\Login Data
-- Google Chrome sifreli parola veritabani
encryptedPassword, encryptedUsername, encrypted_key

NetWire Protokol

HostId, Host: %s        -- NetWire C2 protocol header
T4 C2W                  -- C2 sekman isareti

IOC

SHA25673cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
ChromeLogin Data hedefi
Geo Checkhttp://www.yandex.com

NetWire — Malware Profile

NetWireRAT. 88-hex ChaCha20 key+nonce. Embedded PCRE regex engine. Credential pattern matching.

Malware Type
RAT
Programming Language
C
C2 Protocol
TCP
Target Systems
Windows/Linux/macOS

Capabilities & Behavior

Uzaktan Erişim & Kontrol
Keylogger
Ekran Görüntüsü
Webcam Erişimi
Dosya Yönetimi
Süreç Yönetimi
Komut Yürütme
Kalıcılık Mekanizması

IOC List (1 indicators)

IOC — NetWire
# SHA256 73cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
TypeValueNote
sha256 73cf4c1de3510d40e4bfed23427d451ea32fefe1406e9aff0e8a50d7b0c0ea48
Tags
netwireratchromecredential-theftyandex-geoiphostid