General

  • Target

    docse.php.ps1

  • Size

    2KB

  • Sample

    230531-3pe4asbe96

  • MD5

    ad851537b85a55729af7e464dc4c958c

  • SHA1

    eb5646e1958ce9d927a20a7a5314d2db9436665f

  • SHA256

    84fc45f83b2b529e9f1d0a94b27e37fbeeb42337dce4979cc09dcf3d826d4a68

  • SHA512

    da320aa618d2a27cf32765a34b19e1c88e1d51f56be631af04b986b8eb38aca111e9ca1c7750eca78f1d2cc2559a4584d2532999c84659dacc6eb330457f78e9

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    https://www.snappyshop.it/img/index.php

Targets

    • Target

      docse.php.ps1

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks