General
Target: Request QuotationPDF.js
Size: 645KB
Sample: 220905-dqcxwsaagj
MD5: 5f6d304b5cbeb4d90f819ddcd12cb53d
SHA1: 81498fb959af13f0ca0c38d0c27c4c593168dac2
SHA256: 8c47189a5400ade17afd5b97491d17c64a4cc0de8cd7a9191540218f9ebf0808
SHA512: a3de7a0d7cc72e704846801cc42d8b937ffccc0cdfa81d04fdd83e1a4cf9bd55ba3a4330a8d5cee429a2c3822005346648a2b77bcf1966c53af7d27bae86dbe5
SSDEEP: 6144:TmO3RKX8lqCw+F02pnNNWxsRpYhirSpBfozHlvzEwB8yn6AljT5uLTXMj46tfZ4I:TmOzn0vYeDOLrn6Ap5uk4tSdL
Static task: static1
Behavioral task: behavioral1
Sample: Request QuotationPDF.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Request QuotationPDF.js
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: Request QuotationPDF.js
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application