General
-
Target
Quote_PDF.js
-
Size
427KB
-
Sample
220807-qgxl6adfc9
-
MD5
38d24212ffdc3b2ed75c7bfa6da7723e
-
SHA1
0167489af9f781052c684882145834fd18f8b0cb
-
SHA256
a03e2209954abb189898ff2c0af25fe38d6702995bcf9d3819968d9ffba7f972
-
SHA512
d9ab3ecb7eb014fa27c5f556b255d301eab1efc16f84753af541deea7cc8a138c4c8871b2a7f967b352fdce8b4875a9ecf084167a9d7979486c750d6df9bb43c
Static task
static1
Behavioral task
behavioral1
Sample
Quote_PDF.js
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
Quote_PDF.js
Resource
win10v2004-20220722-en
Malware Config
Targets
-
-
Target
Quote_PDF.js
-
Size
427KB
-
MD5
38d24212ffdc3b2ed75c7bfa6da7723e
-
SHA1
0167489af9f781052c684882145834fd18f8b0cb
-
SHA256
a03e2209954abb189898ff2c0af25fe38d6702995bcf9d3819968d9ffba7f972
-
SHA512
d9ab3ecb7eb014fa27c5f556b255d301eab1efc16f84753af541deea7cc8a138c4c8871b2a7f967b352fdce8b4875a9ecf084167a9d7979486c750d6df9bb43c
Score10/10-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-