General
-
Target
Request QuotePDF.js
-
Size
413KB
-
Sample
220914-e7874adaek
-
MD5
3d02c62008af5380118aae1dcc6e3e3d
-
SHA1
9ff83c7144de3919478f47a6185984ac43bd95a4
-
SHA256
c0177f6f95bf8a1d435add27ca92db115ac047026a2a6f51b553f96c867210b6
-
SHA512
6c2c43557d6feeaec7bd16e847e846badf1708cdd752f437a8882d688e252c1299338e7a74d564f027d513ab54cd4e3bfeaf5bf2d36b9dba125f7374705feda5
-
SSDEEP
6144:S/iLqOXNMlJ8kC8ZKFD6KsKmvGyiLQ6sudDTvBenSI/azZPvA94Xun:S/2FYZKFD6dLvGa6sqD7ljc
Static task
static1
Behavioral task
behavioral1
Sample
Request QuotePDF.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Request QuotePDF.js
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
Request QuotePDF.js
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-