General
-
Target
Payment_PDF.js
-
Size
413KB
-
Sample
220916-jgdqqaafhr
-
MD5
e73b5a8013d9a3e9d23ccc801360710e
-
SHA1
71af99e6cdc182af193072bf1ccae44d4d35763a
-
SHA256
c1a1607c8471e135ad234c5ac04519b62225604f2c29bbdf8a93f451dd12304e
-
SHA512
b8593e89b9eac381738ec90d1749e9f785cecb405eb8f0aca6023b0b9df83e329dbfb379323187afd5f0e46d5b7855971d4303a47909c227a18f3ccd1fda33fe
-
SSDEEP
6144:xigBqQHVy7zWgwA1ypzgcOsaDOguPM6MuhTVJ/KBk+pKLlvbAh2xu5:xiGrG1ypzgdFDOM6M+TLrfS
Static task
static1
Behavioral task
behavioral1
Sample
Payment_PDF.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Payment_PDF.js
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
Payment_PDF.js
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-