General

  • Target

    Purchase Order.js

  • Size

    411KB

  • Sample

    220726-mr866acag8

  • MD5

    eb5f04326f4bbb8f69bfb26b0ea3c51b

  • SHA1

    6aeebefa228bd8290b97db9aff296ddce93bbe94

  • SHA256

    8312d7ada28aaab347e6b7677cdcfd9a7bf4a5c47fed9a86cbff29a0d6615686

  • SHA512

    4965d3b34861ec040574da89d2abd4fca8d977213c030c9785f6f266dd64c5f2bd254d3697ba2562c31df679e3fd3f3eb4deaa6df5cbf85d32e45150c91d1ca4

Malware Config

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks