General
Target: Invoice No.000733487303.js
Size: 496KB
Sample: 220919-j2rs3sffb2
MD5: 7b76b56837fad8241f10604c44de493f
SHA1: b8575dc549f905dd9fddecc254232914abaaffe2
SHA256: 09893a238f6a7dc6bcf685f566dd57f6a968b08d244e6e56e677a8070a4b595a
SHA512: b37eed33098fb2c85b7cd1a14c77b2d77d8f34ed480f00e5491e0479798e46ec5f2de22b9299ff9c0882c0fc60e494e7dc9cb966562bc2af39c9d642a2b42c45
SSDEEP: 12288:n19SpUzm9WbccaebiM2fQ/ihctOe0prNzhKWyKQSg9y:n1QB9BeIzgWyO
Static task: static1
Behavioral task: behavioral1
Sample: Invoice No.000733487303.js
Resource: win7-20220812-en
Malware Config
Extracted
netwire
whiteking.giize.com:4040
activex_autorun: false
copy_executable: false
delete_original: false
host_id: DEGRACE
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
-
Target
Invoice No.000733487303.js
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-