General
-
Target
Quote.js
-
Size
416KB
-
Sample
220729-rwtz9aade8
-
MD5
aa291aa599ebf686ae5d49907c307ca2
-
SHA1
04a6c1ef1b848c8443ea1a83ced4b606382eeccd
-
SHA256
ead670293a8d8d85c76363403b8827e570d68204f2e88b855eab5cd312ab9c3a
-
SHA512
e0ba4593ab9a61f68d2759738b31aae92e8ed0d5a7f242d9ac9bb584e55a262cb2657542f85b4544d291954ba4d4d1d4b0fb9b9d6a3a23e9786e1bd4707c4936
Malware Config
Targets
-
-
Target
Quote.js
-
Size
416KB
-
MD5
aa291aa599ebf686ae5d49907c307ca2
-
SHA1
04a6c1ef1b848c8443ea1a83ced4b606382eeccd
-
SHA256
ead670293a8d8d85c76363403b8827e570d68204f2e88b855eab5cd312ab9c3a
-
SHA512
e0ba4593ab9a61f68d2759738b31aae92e8ed0d5a7f242d9ac9bb584e55a262cb2657542f85b4544d291954ba4d4d1d4b0fb9b9d6a3a23e9786e1bd4707c4936
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-