General
-
Target
Request Quote_PDF.js
-
Size
413KB
-
Sample
220918-f8axcsegam
-
MD5
f0ab774a3a85bb6878897c641104ff70
-
SHA1
898701732283a90632ece16e47f8e0a5efef3ae8
-
SHA256
c51d215d3a71748dbcfe7310102a4b9e8864f3cfdb01bf0dacab5df203b37428
-
SHA512
3c4081ef491f9b6852d292212f87139352ea8163cb115f2af9d6c9ba56bdc9b4647ca82bbafccdadd453fce51c2e5b4953310310a45a795a8a9add9d399c2037
-
SSDEEP
6144:hYfG+JJ9zEqXmDkDoDb1B/l0NUDm3G6UuRHKe06kZXYGXbLVALXCuU:hYuc3DoDb1hGNUL6U+H1UVh
Static task
static1
Behavioral task
behavioral1
Sample
Request Quote_PDF.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Request Quote_PDF.js
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
Request Quote_PDF.js
Score 10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-