{
	"id": "e7168b10-5be1-4214-bfd6-7a83353afd1f",
	"created_at": "2026-04-06T00:11:06.96845Z",
	"updated_at": "2026-04-10T13:13:06.806017Z",
	"deleted_at": null,
	"sha1_hash": "14be483b39250fe264a86107455034c4cd95dbd3",
	"title": "netwire_technical_analysis_report.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32385,
	"plain_text": "netwire_technical_analysis_report.pdf\r\nArchived: 2026-04-05 21:20:50 UTC\r\nSida 3 av 17\r\n2\r\nINTRODUCTION\r\nNetWire is a RAT that has been used by criminal organizations and other malicious groups since\r\n2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious\r\nspam (malspam).\r\nComputers infected with this malware;\r\n- To remote control\r\n- Records keyboard strokes and mouse behavior\r\n- to take screenshots\r\n- To check system information\r\n- To create fake HTTP proxies\r\n- Allows access to data on the clipboard\r\n- It allows access to data on various browsers.\r\nUnlike many RATs, this one can target every major operating system, including Windows, Linux\r\nand MacOS.\r\nPREVIEW\r\nThe NetWire malware in the examined version was combined with an Excel file and continued\r\nto spread with phishing methods. The malicious file was originally named “shipment.xlsm”. As\r\nthe name suggests, it has targeted cargo companies and companies using it. First of all, it comes\r\nto us as an Excel document in order not to arouse suspicion. As a result of the analysis, it has been\r\ndetermined that this file acts as a loader to realize Stage 1.\r\nFile Name: shipment.xlsm\r\nhttps://drive.google.com/file/d/1dD2sWYES_hrPsoql4G0aVF9ILIxAS4Fd/view\r\nPage 1 of 2\n\nMD5 8fa508038223405c14000d0a2d909aa6\r\nSHA1 4bbcb5766ec862e7a674ca9a420443bc18aa4855\r\nSHA256 4426f68adbceaa14bd026618a134a3c84f83b546777f2f63bec6506d9fce9157\r\nSource: https://drive.google.com/file/d/1dD2sWYES_hrPsoql4G0aVF9ILIxAS4Fd/view\r\nhttps://drive.google.com/file/d/1dD2sWYES_hrPsoql4G0aVF9ILIxAS4Fd/view\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://drive.google.com/file/d/1dD2sWYES_hrPsoql4G0aVF9ILIxAS4Fd/view"
	],
	"report_names": [
		"view"
	],
	"threat_actors": [],
	"ts_created_at": 1775434266,
	"ts_updated_at": 1775826786,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/14be483b39250fe264a86107455034c4cd95dbd3.pdf",
		"text": "https://archive.orkl.eu/14be483b39250fe264a86107455034c4cd95dbd3.txt",
		"img": "https://archive.orkl.eu/14be483b39250fe264a86107455034c4cd95dbd3.jpg"
	}
}