BackDoor.Wirenet
- Xylitol
- Global Moderator
- Posts: 1671
- Joined: Sat Apr 10, 2010 5:54 pm
- Location: Seireitei, Soul Society
BackDoor.Wirenet
http://news.drweb.com/show/?i=2679&lng=en&c=14
Sample for Windows/GNU-Linux/Solaris/Mac OS X + Shellcodes in attach.
Small note, for Mac there is the Mach-O and the Application Bundle
Re: BackDoor.Wirenet
Isn't this one NetWire RAT? Seems like it.
- maddog4012
- Posts: 75
- Joined: Mon Aug 04, 2014 6:53 pm
Netwire RAT
Here is a variant of Netwire I came across today. I have included the Word doc that is sent to the victim's e-mail. When the doc is opened, it downloads Netwire.
- Xylitol
Re: BackDoor.Wirenet
What's the password?
edit: virus
Doc file downloading
https://www.virustotal.com/en/file/ae22 ... 454114939/
http://247financedeal.com/dbust.exe
Win32/Spy.Weecnaw.A (ESET) ~ http://www.virusradar.com/en/Win32_Spy. ... escription

Re: BackDoor.Wirenet
Xylitol wrote:
> https://www.virustotal.com/en/file/ae22 ... 454114939/
> http://247financedeal.com/dbust.exe
> Win32/Spy.Weecnaw.A (ESET) ~ http://www.virusradar.com/en/Win32_Spy. ... escription

ESET has the NetWeird name for OSX/Linux/Solaris samples, but for Windows they've picked another alias? It's strange..
Re: BackDoor.Wirenet
Another NetWire on the same server
https://www.virustotal.com/en/file/8e27 ... 444788304/
hxtp://247financedeal.com/cbust.exe
Xyl wrote about this
http://www.xylibox.com/2012/07/netwire- ... m-rat.html
Re: Malware collection
SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
File name: LICENS~1.EXE
Detection rate: 14 / 59
https://virustotal.com/de/file/69f61b26 ... 498699772/
Re: Malware collection
markusg wrote:
> SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
> File name: LICENS~1.EXE
> Detection rate: 14 / 59
> https://virustotal.com/de/file/69f61b26 ... 498699772/

Not able to edit post, it's perhaps
TrojanSpy: Win32/Loyeetro.A
Re: Malware collection
markusg wrote:
> SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
> File name: LICENS~1.EXE
> Detection rate: 14 / 59
> https://virustotal.com/de/file/69f61b26 ... 498699772/

It's NetWire RAT.
C2s:
85.95.184.183:33360
xdem777.duckdns.org:20000
xdem777.linkpc.net:7777
In attachment the unpacked.
BR,
Antelox