General
-
Target
Payment_PDF.js
-
Size
423KB
-
Sample
220822-sdbavshchk
-
MD5
371a8641026b2a7ef3006b8bb4dece0a
-
SHA1
7bb7a599080e696f92b875f4218f22aa2db4ba16
-
SHA256
3f15efe553460c7afa09e3464a98612d3b6107fdb1b076b985f9959b177e8214
-
SHA512
d92047fb2c0fae92aabd73cd621302e545b024eb476e8d4a71052a2621aeda9ff98a15864acc301e6b332820c6c1345a9f67e1284e468562450e3a6ccc5e8afa
-
SSDEEP
6144:Co9NHSKASpZk8gvESl7cuzu/X6or6JcVvSiV8My:C8DJgvEycu7mPty
Malware Config
Targets
-
-
Target
Payment_PDF.js
-
Size
423KB
-
MD5
371a8641026b2a7ef3006b8bb4dece0a
-
SHA1
7bb7a599080e696f92b875f4218f22aa2db4ba16
-
SHA256
3f15efe553460c7afa09e3464a98612d3b6107fdb1b076b985f9959b177e8214
-
SHA512
d92047fb2c0fae92aabd73cd621302e545b024eb476e8d4a71052a2621aeda9ff98a15864acc301e6b332820c6c1345a9f67e1284e468562450e3a6ccc5e8afa
-
SSDEEP
6144:Co9NHSKASpZk8gvESl7cuzu/X6or6JcVvSiV8My:C8DJgvEycu7mPty
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-