General
Target: Payment_PDF.js
Size: 414KB
Sample: 220831-jldarabafl
MD5: e4d9fc0bce59974d7a8071b86f830193
SHA1: 7fbd9cce7bc0b3e85429b4fbb48cc58577c8d1d9
SHA256: 98e14e580080fb8da90559e2739c19990a0fdb9f70021ebdce636e1f0ef30f9e
SHA512: 063f8e111d1dd1ffd87950f2f9163ba4fd1867569e44dc50180df62c2e2afaec306edd9c80e8a90653bb3c70525f1aeeded7fae47a3d546e0c83ecc679a5b9d7
SSDEEP: 6144:T3qisatffESj/9JOPJ7G4Ot534qcgcOjw0:T3dff9JO44Ot3Tp00
Static task: static1
Behavioral task: behavioral1
Sample: Payment_PDF.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Payment_PDF.js
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: Payment_PDF.js
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application