General
-
Target
Quote.js
-
Size
412KB
-
Sample
220801-h4e2mafaen
-
MD5
36fd158eb019ac0d3b29754770aae398
-
SHA1
b3421f16e3f6a7defed1cfd4c7e7ad0b71d00d81
-
SHA256
31c05b8aacf0b417ecf6b3f3ddc88f18505a790e0a9a13186982789abf25875c
-
SHA512
299a312eb5e572485e071374e3912acd2dc3be41e1b8b481b424c94c05f478570a293579814a3b9f3e767eec0d1eb9c3a662d5c927f673c96cd13a8c0aa75f0f
Static task
static1
Behavioral task
behavioral1
Sample
Quote.js
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
Quote.js
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
Quote.js
-
Size
412KB
-
MD5
36fd158eb019ac0d3b29754770aae398
-
SHA1
b3421f16e3f6a7defed1cfd4c7e7ad0b71d00d81
-
SHA256
31c05b8aacf0b417ecf6b3f3ddc88f18505a790e0a9a13186982789abf25875c
-
SHA512
299a312eb5e572485e071374e3912acd2dc3be41e1b8b481b424c94c05f478570a293579814a3b9f3e767eec0d1eb9c3a662d5c927f673c96cd13a8c0aa75f0f
Score10/10-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-