General
-
Target
Quote_PDF.js
-
Size
430KB
-
Sample
220814-shv6tsaba9
-
MD5
25e6f5655c71f7ee10968a01c51a8652
-
SHA1
bf0f2f6415e4a3e679f2b258bbd17714dddac41f
-
SHA256
daf814f4418c0806322977e304937e6dd18a4c70a1cc0524e0e5e1dd1548dee7
-
SHA512
177675b1152b74ec7e4ecfca2a92314871fff0b3c53a52acb8e75db89293b8fd7144b2c883478c7d8959ad1bb2e727bed744a50db8b621cd131b9de3b7790b89
Malware Config
Targets
-
-
Target
Quote_PDF.js
-
Size
430KB
-
MD5
25e6f5655c71f7ee10968a01c51a8652
-
SHA1
bf0f2f6415e4a3e679f2b258bbd17714dddac41f
-
SHA256
daf814f4418c0806322977e304937e6dd18a4c70a1cc0524e0e5e1dd1548dee7
-
SHA512
177675b1152b74ec7e4ecfca2a92314871fff0b3c53a52acb8e75db89293b8fd7144b2c883478c7d8959ad1bb2e727bed744a50db8b621cd131b9de3b7790b89
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-