General
-
Target
Quote_PDF.js
-
Size
417KB
-
Sample
220919-t9dxaschcq
-
MD5
10ea52784165e94c2b8d62029f47fc2f
-
SHA1
9f3d0e42cbe82beeb4a467b78d612ce89fddfa41
-
SHA256
883a1fb015a99ca444237d8d48187d9cca44ed7daa3dfe0c21836fb207047c7a
-
SHA512
6f9e9f4136fedf90bd836abaf2cf51c67b822509f01b9d8a19fabcd327a190324e25ece949f4c5a2408648b2214c1a5ee3f0a6e98d4b14f405f6d29d97b096f5
-
SSDEEP
6144:hN8ML4yxnebd6j+IjhS6EzYYosOquA4nfuqQiWYl69Sjrh54:nL40yIjNQYYoWuA4nWqQK6ut54
Static task
static1
Behavioral task
behavioral1
Sample
Quote_PDF.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Quote_PDF.js
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
Quote_PDF.js
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-