General
Target: Payment_PDF.js
Size: 414KB
Sample: 220817-qy4f2agccn
MD5: c2bd31714a000c20d168677d564de7ba
SHA1: 7132987c2122cca918aaaed04e916cd89937e857
SHA256: 491873933a34096211944daa1528b663785bf48e68c98586cbc69dbb063df0a5
SHA512: cff94fcc9f6339a77eb206c9329157b91170fa35ff94a26abe1b99b64a1c6208d2c80852c520e388f069ed94907acea60e8c24f3459ca024764e56c1d4afb776
SSDEEP: 6144:U8Kay7RHK2uA83l6A7VdJNylVLsVnwtooHF1Rr9Dx2k8gxBStAorf:ULJ3A7VdzyH4VnQHFDrlawG
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_PDF.js
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Payment_PDF.js
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target
Payment_PDF.js
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application