General

  • Target

    rechn5130415.js

  • Size

    48KB

  • Sample

    230519-ql8j8agg9y

  • MD5

    5618fad2dd16924e681e15c089f59d1c

  • SHA1

    d8ac2ec10f7caadc706763c98d19953f3f17e6d8

  • SHA256

    1fb5b7043cdc3f8a5344b172ffa0398df3c295b5c490c6da0b43bf200522cd0d

  • SHA512

    ae7e52c7d99bc9e11cacfa8dc3fa55873d4217d964c5306cf918ff33eb2e33c23e14e4cb062648f3cecd98ac104857b3dc18bfa22ef88cce9785be6447b9de54

  • SSDEEP

    768:dhsmqfMvHGpK5Lqm4L/f/O8VFwL7f6/MVRPXD+rDpozmCRQtRjRWm0u:dhx5fGpKgmC/+8MWsR7+rjCR6lWm0u

Malware Config

  • Extracted (ps1.dropper)

    Language: ps1 (deobfuscated)
    URL: https://ridersintl.org/vincent-sewe/f1.ps1

  • Extracted (exe.dropper)

    Language: ps1 (deobfuscated)
    URL: https://macayaywaak.cl/sistema2/variables.php

Targets

    • Target

      rechn5130415.js

    • NetSupport

      NetSupport is a commercial remote access tool sold as legitimate system administration software; when it is dropped and installed by a script chain like this one it is being used as a remote-access payload rather than by an administrator.

    • Blocklisted process makes network request

      A script host or shell (such as wscript.exe or powershell.exe) that normally has no business reaching the network made an outbound request.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload only runs in targeted regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
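The behaviour list above reads as a set of independent signatures, but on a host they form one chain: the JS dropper fetches the ps1.dropper URL, PowerShell fetches the exe.dropper URL, the downloaded payload is executed, a DLL is loaded from the same drop directory, and persistence is set through a Run key. The following is an added example, not the sandbox's own detection code, that replays a constructed Sysmon-style event stream modelled on that chain and emits the same signature names used in the report. The process blocklist, the registry path used for the geofence lookup (assumed to be `HKCU\Control Panel\International\Geo\Nation`), and the dropped file names `payload.exe` and `helper.dll` are assumptions; the two URLs are the ones listed in the Malware Config section.

```python
"""Behavioural matcher for the rechn5130415.js chain (added example, assumptions labelled)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Assumption: script hosts and shells that should not open outbound connections
# from an ordinary user session.
BLOCKLISTED_PROCESSES = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}

# Assumption: the "Checks computer location settings" signature corresponds to a
# read of the configured country code at this registry location.
GEO_NATION_KEY = r"hkcu\control panel\international\geo\nation"

# Any value written under a Run/RunOnce key counts as the "Adds Run key" behaviour.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

# URLs taken from the Malware Config section of the report.
DROPPER_URLS = {
    "https://ridersintl.org/vincent-sewe/f1.ps1",
    "https://macayaywaak.cl/sistema2/variables.php",
}


@dataclass
class Event:
    kind: str          # process | network | registry_query | registry_set | file_write | image_load
    image: str         # full path of the process performing the action
    target: str = ""   # child image, URL, registry path or file path, depending on kind


def match_signatures(events: Iterable[Event]) -> dict[str, list[Event]]:
    """Return {signature name: [events that triggered it]} for an ordered event stream."""
    hits: dict[str, list[Event]] = {}
    dropped: set[str] = set()   # executables/DLLs written during the run, tracked for later use

    def hit(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(ev)

    for ev in events:
        proc = ev.image.lower().rsplit("\\", 1)[-1]
        target = ev.target.lower()
        if ev.kind == "file_write" and target.endswith((".exe", ".dll")):
            dropped.add(target)
        elif ev.kind == "network":
            if proc in BLOCKLISTED_PROCESSES:
                hit("Blocklisted process makes network request", ev)
            if target in {u.lower() for u in DROPPER_URLS}:
                hit("Contacts known dropper URL", ev)
        elif ev.kind == "registry_query" and target == GEO_NATION_KEY:
            hit("Checks computer location settings", ev)
        elif ev.kind == "registry_set" and RUN_KEY_RE.search(ev.target):
            hit("Adds Run key to start application", ev)
        elif ev.kind == "process" and target in dropped:
            hit("Executes dropped EXE", ev)
        elif ev.kind == "image_load" and target in dropped:
            hit("Loads dropped DLL", ev)
    return hits


def sample_events() -> list[Event]:
    """Constructed event stream modelled on the report's behaviour list; not a real capture."""
    js = r"C:\Windows\System32\wscript.exe"
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    exe = r"C:\Users\user\AppData\Roaming\svc\payload.exe"   # assumed drop name
    dll = r"C:\Users\user\AppData\Roaming\svc\helper.dll"    # assumed drop name
    return [
        Event("process", js, target=ps),
        Event("network", js, target="https://ridersintl.org/vincent-sewe/f1.ps1"),
        Event("network", ps, target="https://macayaywaak.cl/sistema2/variables.php"),
        Event("registry_query", ps, target=r"HKCU\Control Panel\International\Geo\Nation"),
        Event("file_write", ps, target=exe),
        Event("file_write", ps, target=dll),
        Event("process", ps, target=exe),
        Event("image_load", exe, target=dll),
        Event("registry_set", exe, target=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    ]


if __name__ == "__main__":
    for name, evs in match_signatures(sample_events()).items():
        print(f"{name}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev.kind:<15} {ev.image.rsplit(chr(92), 1)[-1]:<16} -> {ev.target}")
```

The matcher keys "Executes dropped EXE" and "Loads dropped DLL" on files the run itself wrote, which is what separates a dropped payload from a legitimate binary already on disk; a real Sysmon pipeline would feed it Event IDs 1, 3, 7, 11, 12 and 13 in the same order.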
