General

  • Target: doc2448.js
  • Size: 55KB
  • Sample: 230531-3md38aca41
  • MD5: 13da9888ade1e43e5b64fc396ac14f2d
  • SHA1: cf428250859ee0832f0a4b4a1bff64b7b15b7d26
  • SHA256: afe001c818b06f267bfb1b524d40eb4464dbc177d2e08dc36b533f001f1aa36b
  • SHA512: f125a22224a53ff3c4f176cd829e909a69115b930a1425ed593c478e56960c1f73173d66b1caa7b99a7fd138fcfcc54864b017a2188acfa2918587ac092d56df
  • SSDEEP: 768:iHCmetUzmdhA9nM1Sta+rZ+ugC1S/4dZq6m:iHCmmdKNw+rZ+qPnm

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper): https://www.snappyshop.it/img/index.php

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
