General
-
Target
Payment_PDF.js
-
Size
416KB
-
Sample
220920-s5cyrshbej
-
MD5
f5be5e836574332778a1746fd621a65f
-
SHA1
098ed47a50e7ca7845148162f44fbe4fba5985bd
-
SHA256
9ccdfb4952cfba51e3296f63efede3e363a9406dcf887ecbc8467f8d3b974f31
-
SHA512
fba821a045d0c20d7a9e9ec34e9e04744f6d16e45ed6de319546bdf4051f2a64ef42b37d0f3c469d45280d846d291a7602b075af6e1ad9e63573273d7491b5d4
-
SSDEEP
6144:XWuS/GKH18Vhwsm8JWhz660+O3qamLA6cuZPrX5Enr24XenZ7TAJo3uO:XWuiNcJWhz65z3q+6c+PTG67d
Malware Config
Targets
-
-
Target
Payment_PDF.js
-
Size
416KB
-
MD5
f5be5e836574332778a1746fd621a65f
-
SHA1
098ed47a50e7ca7845148162f44fbe4fba5985bd
-
SHA256
9ccdfb4952cfba51e3296f63efede3e363a9406dcf887ecbc8467f8d3b974f31
-
SHA512
fba821a045d0c20d7a9e9ec34e9e04744f6d16e45ed6de319546bdf4051f2a64ef42b37d0f3c469d45280d846d291a7602b075af6e1ad9e63573273d7491b5d4
-
SSDEEP
6144:XWuS/GKH18Vhwsm8JWhz660+O3qamLA6cuZPrX5Enr24XenZ7TAJo3uO:XWuiNcJWhz65z3q+6c+PTG67d
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-