General

  • Target

    scan521.js

  • Size

    58KB

  • Sample

    230601-glv5fsch24

  • MD5

    fb51c86fbd02d5765a0e9977d51dcaac

  • SHA1

    46905318dc8cc24372633f2fe439f69d2b734182

  • SHA256

    baa4c2b6e21ecd078a91ebf5d4c85c3507887c84a6a23e0cfda6034ac86abc27

  • SHA512

    bd8a5dc83933386957376b9753d823c269805b72ea01149969c511578ac16bc804c81d586d6051bb21c930c9af2dc7fd5774470d69ce6c678309e23ac6350698

  • SSDEEP

    768:DD9/AwHLQ+Y8p6PK7jJq0OV/c0Z/wcbBmCa:DpOopJ7jJEU0a

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://www.snappyshop.it/img/index.php

Targets

    • Target

      scan521.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
