General
-
Target
Payment_PDF.js
-
Size
411KB
-
Sample
220817-g8wz9segc5
-
MD5
90f2c19c3ed88ee8462ff3dcd34ad909
-
SHA1
08cd1cc484a978c67f41e2ea8c38823f6eb31303
-
SHA256
f3ed95765fa0a9484d5ae4c615a5c36b67cdf090a9240fc9f27ca6a32e9690d2
-
SHA512
aa41a3ca5f348f63443c4b50b7b7af60e6e2bbcfef4c2331b35cb27a2bcbd9e3faccce56046cfc9503684fa85bb1b42bc6b1e9ae82bc01bf835e33b51aab9bfa
-
SSDEEP
6144:dJk2jt95SsRmtw7UTzPzVX09Il67u6zwudnIkGO6EFiGnzjFAjV4uH:dOe17UTzPRE9IF6zwan5bFM
Malware Config
Targets
-
-
Target
Payment_PDF.js
-
Size
411KB
-
MD5
90f2c19c3ed88ee8462ff3dcd34ad909
-
SHA1
08cd1cc484a978c67f41e2ea8c38823f6eb31303
-
SHA256
f3ed95765fa0a9484d5ae4c615a5c36b67cdf090a9240fc9f27ca6a32e9690d2
-
SHA512
aa41a3ca5f348f63443c4b50b7b7af60e6e2bbcfef4c2331b35cb27a2bcbd9e3faccce56046cfc9503684fa85bb1b42bc6b1e9ae82bc01bf835e33b51aab9bfa
-
SSDEEP
6144:dJk2jt95SsRmtw7UTzPzVX09Il67u6zwudnIkGO6EFiGnzjFAjV4uH:dOe17UTzPRE9IF6zwan5bFM
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-