General
-
Target
Payment_pdf.js
-
Size
411KB
-
Sample
220821-b68y6abcfp
-
MD5
86ce1b0b23b154994c211e323a0e809f
-
SHA1
54eac40a919784f9b6321a009c050f8504b4783d
-
SHA256
89186eaf46c92a3e8db381a239e54a77e214276b8bb0afb17f34c329ad71a495
-
SHA512
6389e55db118e718a3f605d2abcd718ba870ceca89dfe18e24005d3bf0ac00f632287cadcd0cff0569cade33e7a65a313a6b953d0a64ef32e304bf2e1630080c
-
SSDEEP
6144:iUhlHGOkS9RcUcj82Fz4uDSvjG0v6ovWFU1/u:iUzpcj8m4uP+/hu
Static task
static1
Behavioral task
behavioral1
Sample
Payment_pdf.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Payment_pdf.js
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
Payment_pdf.js
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-