General
Target: Quote_PDF.js
Size: 430KB
Sample: 220814-shv6tsaba9
MD5: 25e6f5655c71f7ee10968a01c51a8652
SHA1: bf0f2f6415e4a3e679f2b258bbd17714dddac41f
SHA256: daf814f4418c0806322977e304937e6dd18a4c70a1cc0524e0e5e1dd1548dee7
SHA512: 177675b1152b74ec7e4ecfca2a92314871fff0b3c53a52acb8e75db89293b8fd7144b2c883478c7d8959ad1bb2e727bed744a50db8b621cd131b9de3b7790b89
Static task: static1
Behavioral task: behavioral1
Sample: Quote_PDF.js
Resource: win7-20220812-en
Malware Config
Targets
Target: Quote_PDF.js
NetWire RAT payload
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application