
BackDoor.Wirenet

Posted: Thu Aug 30, 2012 9:40 am
by Xylitol
http://news.drweb.com/show/?i=2679&lng=en&c=14
Sample for Windows/GNU-Linux/Solaris/Mac OS X + Shellcodes in attach.
Small note, for Mac there is the Mach-O and the Application Bundle

Re: BackDoor.Wirenet

Posted: Sat Dec 29, 2012 10:03 am
by bsteo
Isn't this one NetWire RAT? Seems like it.

Netwire RAT

Posted: Fri Jan 29, 2016 9:11 pm
by maddog4012
Here is a variant of Netwire I came across today. I have included the Word doc that is sent to the victim's e-mail. When the doc is opened, it downloads Netwire.

Re: BackDoor.Wirenet

Posted: Fri Jan 29, 2016 11:36 pm
by Xylitol
What's the password?
edit: virus

Doc file downloading
http://247financedeal.com/dbust.exe
https://www.virustotal.com/en/file/ae22 ... 454114939/
Win32/Spy.Weecnaw.A (ESET) ~ http://www.virusradar.com/en/Win32_Spy. ... escription


Re: BackDoor.Wirenet

Posted: Sun Jan 31, 2016 7:12 am
by tWiCe
Xylitol wrote:
http://247financedeal.com/dbust.exe
https://www.virustotal.com/en/file/ae22 ... 454114939/
Win32/Spy.Weecnaw.A (ESET) ~ http://www.virusradar.com/en/Win32_Spy. ... escription
ESET has the NetWeird name for OSX/Linux/Solaris samples, but for Windows they've picked another alias? It's strange..

Re: BackDoor.Wirenet

Posted: Wed Feb 03, 2016 5:59 pm
by patriq
Another NetWire on the same server
hxtp://247financedeal.com/cbust.exe
https://www.virustotal.com/en/file/8e27 ... 444788304/

Xyl wrote about this
http://www.xylibox.com/2012/07/netwire- ... m-rat.html

Re: Malware collection

Posted: Thu Jun 29, 2017 2:19 am
by markusg
SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
File name: LICENS~1.EXE
Detection rate: 14 / 59
https://virustotal.com/de/file/69f61b26 ... 498699772/

Re: Malware collection

Posted: Thu Jun 29, 2017 7:47 am
by markusg
markusg wrote:
SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
File name: LICENS~1.EXE
Detection rate: 14 / 59
https://virustotal.com/de/file/69f61b26 ... 498699772/
Not able to edit the post; it's perhaps TrojanSpy:Win32/Loyeetro.A

Re: Malware collection

Posted: Thu Jun 29, 2017 8:19 am
by Antelox
markusg wrote:
SHA256: 69f61b266fbcdbfd90b23ce4087206488f509ae3a38f356ff64e4d241e02dfad
File name: LICENS~1.EXE
Detection rate: 14 / 59
https://virustotal.com/de/file/69f61b26 ... 498699772/
It's NetWire RAT.

C2s:
85.95.184.183:33360
xdem777.duckdns.org:20000
xdem777.linkpc.net:7777
In attachment the unpacked.

BR,

Antelox

Re: Malware collection

Posted: Sat Feb 03, 2018 4:42 pm
by ikolor