General

  • Target

    scan1574.js

  • Size

    59KB

  • Sample

    230601-p9eflseg2x

  • MD5

    4e4fd19607b3c47da34ef4e6acff4572

  • SHA1

    fc07676c88d957138913c0204a09cb62207de023

  • SHA256

    39016be4624cfe65c113089e3de891559885e61a522331b3ff6a8af8f37b5fcc

  • SHA512

    97669371f9969dc00a653619a5b334dd51627284553c148def0af105c4c49aa341bda7349ddecfced14f6ed7dddb88a2f0c48795f11d0d47d0cee4f2e8e7a330

  • SSDEEP

    768:JwqnycCl05WgddGUO1iCykoQase1H6kDi:JHycHz0FvBSap

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://www.snappyshop.it/img/index.php

Targets

    • Target

      scan1574.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks