General

  • Target

    Quote_PDF.js

  • Size

    416KB

  • Sample

    220922-skk4msbgc5

  • MD5

    00d505983f81b198c0e96550cdfc665e

  • SHA1

    c8e5ab47efb9cda85683fcc808ea02677ea27441

  • SHA256

    888e73dd8c2651b8da9e04a8521d1d82c312c3d59860df4dc18cbacbbc3f31af

  • SHA512

    7b15a4da4d0571979d0c9f25308dd48f2cc15637de7cbc52a481fb3baf25a4d96c1cd3bbcc9928166ea41419cc72166ee053ddae85618ff8412c0ce9c79ce504

Targets

    • Target

      Quote_PDF.js

    • NetWire RAT payload

    • Netwire

      NetWire is a RAT whose core functionality is password stealing and keylogging; it also includes remote control capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
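
    The signatures above describe one chain: a JScript dropper writes and runs an EXE, which loads a dropped DLL, reads the machine's location setting, and persists through a Run key and a Startup-folder file. The script below is an added example, not part of the report and not the sandbox's own detection code; it turns those signature names into hunt logic over a constructed API-call trace. The registry paths it keys on (`...\CurrentVersion\Run`, `Control Panel\International\Geo\Nation`) and the Startup folder are the example's own assumptions about what each signature checks, and the trace records, process names and file names are invented for the example.

```python
"""Hunt logic for the sandbox signatures listed in the report.

Added example, not the report's or the sandbox's own code. The API-call trace is
constructed for the example, and the registry keys and folder it matches on are
assumptions about what each signature name checks, not something the report
states.
"""
import re
from collections import defaultdict

# Locations the rules key on (assumed; see module docstring).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Constructed trace, one "process|api|target" record per line: a script host
# drops an EXE and a DLL, runs the EXE, and the EXE does the rest. The last two
# records are benign noise that the rules must not flag.
SAMPLE_TRACE = r"""
wscript.exe|CreateFile|C:\Users\bob\AppData\Local\Temp\winupd.exe
wscript.exe|CreateFile|C:\Users\bob\AppData\Local\Temp\helper.dll
wscript.exe|CreateProcess|C:\Users\bob\AppData\Local\Temp\winupd.exe
winupd.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
winupd.exe|LoadLibrary|C:\Users\bob\AppData\Local\Temp\helper.dll
winupd.exe|CreateFile|C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\host.lnk
winupd.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpd
explorer.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
svchost.exe|LoadLibrary|C:\Windows\System32\wevtsvc.dll
"""

PERSISTENCE = {"Drops startup file", "Adds Run key to start application"}


def parse_trace(text):
    """Parse 'process|api|target' lines into (process, api, target) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proc, api, target = line.split("|", 2)
        events.append((proc.lower(), api, target))
    return events


def classify(events):
    """Map each process to the report signatures its own calls trigger.

    'Dropped' means written earlier in the same trace by any process, so the
    EXE/DLL rules fire only on files the chain itself created.
    """
    dropped = set()
    hits = defaultdict(set)
    for proc, api, target in events:
        path = target.lower()
        if api == "CreateFile":
            dropped.add(path)
            if STARTUP_DIR_RE.search(target):
                hits[proc].add("Drops startup file")
        elif api == "CreateProcess" and path in dropped and path.endswith(".exe"):
            hits[proc].add("Executes dropped EXE")
        elif api == "LoadLibrary" and path in dropped:
            hits[proc].add("Loads dropped DLL")
        elif api == "RegSetValue" and RUN_KEY_RE.search(target):
            hits[proc].add("Adds Run key to start application")
        elif api == "RegQueryValue" and GEO_KEY_RE.search(target):
            hits[proc].add("Checks computer location settings")
    return {p: sorted(s) for p, s in hits.items()}


def chain_signatures(events):
    """Roll per-process hits up to the root of each process chain, so the
    script host that started the chain is credited with what its child did."""
    parent = {}
    for proc, api, target in events:
        if api == "CreateProcess":
            parent[target.lower().rsplit("\\", 1)[-1]] = proc
    chains = defaultdict(set)
    for proc, sigs in classify(events).items():
        root, seen = proc, set()
        while root in parent and root not in seen:   # guard against cycles
            seen.add(root)
            root = parent[root]
        chains[root].update(sigs)
    return {r: sorted(s) for r, s in chains.items()}


def flag_chains(chains):
    """Chains that both run a dropped executable and install persistence."""
    return sorted(root for root, sigs in chains.items()
                  if "Executes dropped EXE" in sigs and PERSISTENCE & set(sigs))


if __name__ == "__main__":
    chains = chain_signatures(parse_trace(SAMPLE_TRACE))
    for root, sigs in chains.items():
        print(f"{root}: {', '.join(sigs)}")
    print("flagged:", flag_chains(chains))
```

    Rolling hits up to the chain root matters here: taken alone, wscript.exe only "executes a dropped EXE" and the child only "persists", and neither looks decisive; together they are the pattern the report describes. A benign Run-key write by explorer.exe does not trip the rule, because the chain test also requires the dropped-executable step.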

MITRE ATT&CK Matrix

    Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation