Overview

overview

10

Static

static

Quote.js

windows7-x64

10

Quote.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote.js

  • Size

    412KB

  • Sample

    220801-h4e2mafaen

  • MD5

    36fd158eb019ac0d3b29754770aae398

  • SHA1

    b3421f16e3f6a7defed1cfd4c7e7ad0b71d00d81

  • SHA256

    31c05b8aacf0b417ecf6b3f3ddc88f18505a790e0a9a13186982789abf25875c

  • SHA512

    299a312eb5e572485e071374e3912acd2dc3be41e1b8b481b424c94c05f478570a293579814a3b9f3e767eec0d1eb9c3a662d5c927f673c96cd13a8c0aa75f0f

Score
10/10
netwirebotnetpersistenceratstealer

Malware Config

Targets

    • Target

      Quote.js

    • Size

      412KB

    • MD5

      36fd158eb019ac0d3b29754770aae398

    • SHA1

      b3421f16e3f6a7defed1cfd4c7e7ad0b71d00d81

    • SHA256

      31c05b8aacf0b417ecf6b3f3ddc88f18505a790e0a9a13186982789abf25875c

    • SHA512

      299a312eb5e572485e071374e3912acd2dc3be41e1b8b481b424c94c05f478570a293579814a3b9f3e767eec0d1eb9c3a662d5c927f673c96cd13a8c0aa75f0f

    Score
    10/10
    netwirebotnetpersistenceratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks