General

  • Target

    scan885.zip

  • Size

    12KB

  • Sample

    230601-qdfjgaeg4v

  • MD5

    b4928bc2a30c427bc3692153a6ab0a8c

  • SHA1

    a18b246f69b4798d0263f3eb4256216201226b1c

  • SHA256

    4855f83dcf70894e7bcc83d70150bc536f3f46d1323a6c11f32f192ecf02158d

  • SHA512

    97077df2e6ef76505dbbe974515750a70cf7672928badc2b8e383afc1416ceae4aeb0b84a883f16978699a4992715652833af6f50ecb5942aa8ea844cf8960ac

  • SSDEEP

    192:kC8k2SXRHYATnHqwJStGRf/qNkKVcrDBVZc2H2iPe0cKy6XCSr78ntvCLVdRlxpp:7hG6D6NDcrDjXHZPe06kQnlCpdRlHvB

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://www.snappyshop.it/img/index.php

Targets

    • Target

      scan885.js

    • Size

      43KB

    • MD5

      5b2d25d2e5f3afb29469afcb67250fc8

    • SHA1

      785eba8532d46df54d0b2391b79838a67f6a3fb4

    • SHA256

      b2f36ee032e86f9c76ce6577a71e3fb21b512a64837c4e468b6a2e2bfed303ad

    • SHA512

      090f741e6ab10a6ad50144d118ce024e4e3d5eece276fbe01277dec95bb8f92ddb057ba95643ed48b8819ff0d60bf2b3dbcc195cd1d182f4937cc28ea9d3dc6c

    • SSDEEP

      768:wlVcONzMPUHGjpO5jP/BolWrEOiz9cYG8i19IHpCtId9n:wbnNzMsHGo5L/BomiSx8VHp1D

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks