General

  • Target

    5073invcomp5073.js

  • Size

    59KB

  • Sample

    230601-lnmy3sde64

  • MD5

    5027f10af3caf0ebe1ffa71b3adf89f1

  • SHA1

    15530989f5509119ea837caf74f4a21206462848

  • SHA256

    9321af78c8bd098beaf2fabc232f510b27672270f7e1bb455c4a6a530fd41647

  • SHA512

    a09ae60cdc142e86b62b81061c79310f281001cf364578756b3f30d27e37e51e12dea57d97c477b1672a646bfa47e67ed8aa70177956e2d04ba4c6b3882ff60e

  • SSDEEP

    768:aRG3vSb0kbrdaL1jsrpvnvdkKmS2na42AbJTh0jswz7AL0gboVC:as3vM06VkiiaJAVTh/LZbcC

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://www.snappyshop.it/img/index.php

Targets

    • Target

      5073invcomp5073.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6
