NetWire RC

Description

Netwire is a RAT, its functionality seems focused on password stealing and keylogging, but includes remote control capabilities as well.

Keylog files are stored on the infected machine in an obfuscated form. The algorithm is:

for i in range(0,num_read): buffer[i] = ((buffer[i]-0x24)^0x9D)&0xFF

Names

Name
NetWire RC
NetWire RAT
NetWired RC
NetWire
NetWeird
Recam

Category

Malware

Type

• POS malware
• Backdoor
• Keylogger
• Credential stealer

Information

• http://researchcenter.paloaltonetworks.com/2014/08/new-release-decrypting-netwire-c2-traffic/
• https://www.circl.lu/pub/tr-23/
• https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
• http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html
• https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data
• https://maskop9.wordpress.com/2019/01/30/analysis-of-netwiredrc-trojan/
• https://yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/
• https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html

Mitre Attack

• https://attack.mitre.org/software/S0198/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.netwire

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:Netwire

Other Information

Uuid

0ddad3ec-e810-4333-827b-2d03a3627403

Last Card Change

2022-12-28