General
Target: Quote_PDF.js
Size: 457KB
Sample: 220826-tp4xzsfgf8
MD5: 5d9f9baf3d7c581bc7c9d5ef19dad173
SHA1: f03d9205fa4b1d695079e77e44384a7a1afcf03d
SHA256: 1dc432ae11129c1f3497710ae3dcf457a3f3b99a71e011992434ecf11103cdeb
SHA512: 0f0bfa0089aec3149508242907835404d099c323c42da901e0a992bf937a087485f7bca6c53fd4ef4556a04f3ebc8fa60e714b28046470c4d10302d646d396e8
SSDEEP: 6144:KJm4iMO2wtqrHTt50ONAeFcYf/3XuDZz+NtM67bXoxKF:KJm4iMO2w6HPFcYHXu2yxoF
Static task: static1
Behavioral task: behavioral1
Sample: Quote_PDF.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Quote_PDF.js
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: Quote_PDF.js
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application