General

  • Target

    1f681f268081de803775afa4b9132604.js

  • Size

    632KB

  • Sample

    230519-d7estafa52

  • MD5

    1f681f268081de803775afa4b9132604

  • SHA1

    26af1aa7c8964622d5f14519dd25209418dd5e0d

  • SHA256

    30831ca307d5113558cb320f0218bf1223ccf516d6216835c0706e716504c0d9

  • SHA512

    e88a2aeb6a66f32bc71e892a8519207361a7c45d52076308e2e876ab9feb1180cb65f9b24f0ce7d1b940ac85cfca166ba4e1def0eeb5ddaf490559d0766446c1

  • SSDEEP

    3072:lXV8KmbzPiG9V7lRypHuntQAvgFSTKzRADiR8OuM65j9DGRo2CTxfpIcM1iDKsGg:YvF9WIlB

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
