General

  • Target

    5334206550235.zip

  • Size

    1KB

  • Sample

    220907-tjaryshgdp

  • MD5

    816a8c5178c108d6428aabe41afadc04

  • SHA1

    65c41f36ef4a02459c6f851e4d33aff0ca15ffc0

  • SHA256

    7240e18c3a648a5c8f8c9154c67f8aeb6f3e158efd616dea7e648117db056d25

  • SHA512

    c4e2c59b4fa90386eb6778176e613cb8aee746def2aac66de3df8b92ce7edc1aa8e0c0c4246982c20c53ec5fb48398645a720a3c1e90c366e874138bdbf786c5

Targets

    • Target

      5334206550235/5334206550235.doc

    • Size

      13B

    • MD5

      3e8b2bca43b13d7da07d14c6852d43d9

    • SHA1

      6f11c80c2015efb519cc4f5d8b066feaddd2ceaf

    • SHA256

      35a2b9e0e3629c9a4acee07fa39f850268b291f552f1bfd1fec68772d32d17fc

    • SHA512

      1a26f6778ec7bab26bb833bd538dda8d38cd93ce2d7908ec929896fe0d573a25f0aae38de4c5aab2edc7e74cb6ec9ea18a067e4109adf8ef53fe23573b10793e

    • Score

      4/10

    • Target

      5334206550235/5334206550235.lnk

    • Size

      1KB

    • MD5

      af0332822932a50423ee56f4c5e86d48

    • SHA1

      be147be6cb2535d016fa070272e8ebf668590b0c

    • SHA256

      4ebafd6788be403f087f05295c8d873241b064415015eebbee27958c24fc10e1

    • SHA512

      31fd6abc3c471ae1ed18f911d58080c720e9a59a927ad1af46f239e69545ea27f5a4ddee875681a2573558dcf3787bd47a0214547ece9db2f9fe1faf6f08a3ab

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
