General

  • Target

    952abf34397fa6f4ef5f82df780dc3a2.bin

  • Size

    921B

  • Sample

    230519-b5xjqsdd3t

  • MD5

    75b98100a33759ec6f45aa8e22eebe93

  • SHA1

    392b76e6d5d9be534b06784ade4305440cd848d8

  • SHA256

    f83fd157395c7102280e9cf3cdda38ae3063977e7d40465b9be41d8f53d567a8

  • SHA512

    504837909a6355d309d51aa96952a9f989518ff0106e34945bf4d2d8477de02616455dbd403bdb5f540739872f8f4d3fdade581924b183bd2d4aa83a307b730d

Score
10/10

Targets

    • Target

      71758e062778b86768dbb70ba235a46d3faad6332238d8d794895ae4d237f446.js

    • Size

      1KB

    • MD5

      952abf34397fa6f4ef5f82df780dc3a2

    • SHA1

      51d76a5e1f6a369fffa58887f464a87536b8a6db

    • SHA256

      71758e062778b86768dbb70ba235a46d3faad6332238d8d794895ae4d237f446

    • SHA512

      c8da2d20529f8089ef1034844972dcfa16699ba6b419cb15767f96fcd2e032036723c1fca261e4c6e5d664801278951ff18e92471c7c44998ec818b8ded3e60c

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
