General

  • Target

    06964299.js

  • Size

    54KB

  • Sample

    230601-sdlrlafb9s

  • MD5

    732067e4491fc9ea850d2fa5b83c708b

  • SHA1

    30f586c210d4eb5705f15ddf7066a3d17cfc0faf

  • SHA256

    d2ea16afc980ed80a65a99f283563bd8d3968c4d8b5584d2e21970f87c968f84

  • SHA512

    0ca73613e8c4ba945c33e314c2aeef93de3e8c0d28190c52fe89a2d1c7e212ffcb6171a36dbbe323aa4ccbb3099b6465812da8d5b2cd6b8c643497e9cf6cc11b

  • SSDEEP

    768:Xen3MttcVfNXh1rGMEPets+AB7YC6uSoyQgOKT:G8QRlJEPets+AB7LXSoyB

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper

    https://www.snappyshop.it/img/index.php

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks