General
Target: Document Payment.js
Size: 252KB
Sample: 221107-vj5g1ahac2
MD5: 76c1c36c47ced1f2e3c9528b4a45fc42
SHA1: bf8e742e9e99d7814988dadc809847c624d098ed
SHA256: abb0ca8ed8cb040eb69d4837c26fca5efe130711346859b86641b45da7de31b6
SHA512: 066c4d3508b3c3c816c0909eb1c20fed76d908b4f94fa36e36dff2711515f63ae41cad0bc5a971fa4bda2162014f853fb4d8a9fa809d14afb9fd56a0d834fe8a
SSDEEP: 1536:B4QRV0AphDu3651pCC6T5IYx9btSutuiLL5dve/OC67OMOMM8hMM/0m6tWcSukqE:BnTeK1qRfOgkKtlQi
Static task: static1
Behavioral task: behavioral1 (Sample: Document Payment.js; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Document Payment.js; Resource: win10v2004-20220812-en)
Malware Config
Targets
Target: Document Payment.js
Size: 252KB
Score: 10/10
- Modifies WinLogon for persistence
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext