General

  • Target

    33142.ps1

  • Size

    2.8MB

  • Sample

    230523-xh2qtshe8s

  • MD5

    904ee5da45c1127f2137c557670ec4f9

  • SHA1

    7e47e5bd00e73bf6758ec90c50409d9e65bd25a3

  • SHA256

    b41a4eb5971f4dd7b443bd68f92f6af92735d6db5a258e372d57b499882c866a

  • SHA512

    1e77356c3a6f9833c4a398888348cc60f8c8a0beff514878489706bf60f1e39bcf46c20d811db408b43fb100a4fe642eef932123109d35d6dce5391a4d9eee0b

  • SSDEEP

    24576:PpnJM5qB0dazVfVvKKLg2MVlY9kw9a89rS6+MAagBHMWWy/k9VFYTyKzvzYNzyfd:PaazVJK5VlYt9YAy5jMRqqo12+3IXA

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
