General

  • Target

    scan1574.zip

  • Size

    15KB

  • Sample

    230601-sjfsjafc5x

  • MD5

    a7cbd0d50e9a83e769cac7e8a0718060

  • SHA1

    721bbd702e1377c98d1a1a459d7354709b1f43f8

  • SHA256

    70d4c1068ade759c371bf6d72411fdaf7d762cec34597b01d0c75042862aafc6

  • SHA512

    9e2a164f12d80f1d67d07a9d1881b200d2f1a0f1673a15c213a7cbb0b783a5e80755017ac33cd367bbe274c7324725c3ab4e27d4a9636ebf58ee9cceb9cc8e98

  • SSDEEP

    384:kb4ZHGqJt1PRKNxNPwQb3UJyr9fh+8sdByj1qnzQB4SdeM5:kb4ZHGqP1PRKNLYQbEJE56QV

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://www.snappyshop.it/img/index.php

Targets

    • Target

      scan1574.js

    • Size

      59KB

    • MD5

      4e4fd19607b3c47da34ef4e6acff4572

    • SHA1

      fc07676c88d957138913c0204a09cb62207de023

    • SHA256

      39016be4624cfe65c113089e3de891559885e61a522331b3ff6a8af8f37b5fcc

    • SHA512

      97669371f9969dc00a653619a5b334dd51627284553c148def0af105c4c49aa341bda7349ddecfced14f6ed7dddb88a2f0c48795f11d0d47d0cee4f2e8e7a330

    • SSDEEP

      768:JwqnycCl05WgddGUO1iCykoQase1H6kDi:JHycHz0FvBSap

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software; its presence here, together with the dropped EXE and DLL below, indicates it is being used as the remote-access payload.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence so that the payload only runs (or refuses to run) in particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
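The report above yields two kinds of indicators: the file hashes of the archive and the JavaScript stage, and the dropper URL recovered from the deobfuscated PowerShell. The following is an added example, not part of the sandbox report or of any tool it names, showing how a practitioner would turn those indicators into a matcher that runs over proxy telemetry and over hashes observed on hosts. The proxy log lines and the field layout (timestamp, source IP, method, URL, status, process) are constructed for the demonstration; the URL match is host-and-path based and ignores scheme, port and query string, since a redeployed stager commonly varies those.

```python
"""Match the indicators from this report (file hashes and the dropper URL)
against host and proxy telemetry. Added example; the log lines below are
constructed and not from the sandbox run."""
import hashlib
from typing import Dict, Iterable, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES: Set[str] = {
    "a7cbd0d50e9a83e769cac7e8a0718060",                                   # scan1574.zip MD5
    "721bbd702e1377c98d1a1a459d7354709b1f43f8",                           # scan1574.zip SHA1
    "70d4c1068ade759c371bf6d72411fdaf7d762cec34597b01d0c75042862aafc6",   # scan1574.zip SHA256
    "4e4fd19607b3c47da34ef4e6acff4572",                                   # scan1574.js MD5
    "fc07676c88d957138913c0204a09cb62207de023",                           # scan1574.js SHA1
    "39016be4624cfe65c113089e3de891559885e61a522331b3ff6a8af8f37b5fcc",   # scan1574.js SHA256
}
DROPPER_URL = "https://www.snappyshop.it/img/index.php"

# Constructed proxy log: ts src method url status process (assumed layout).
SAMPLE_PROXY_LOG: List[str] = [
    "2023-06-01T09:14:02Z 10.0.0.5 GET https://www.snappyshop.it/img/index.php 200 powershell.exe",
    "2023-06-01T09:14:03Z 10.0.0.5 GET https://cdn.example.net/lib.js 200 chrome.exe",
    "2023-06-01T09:15:11Z 10.0.0.7 GET http://www.snappyshop.it/ 301 msedge.exe",
]


def normalize_url(url: str) -> Tuple[str, str]:
    """Return (host, path), lower-casing the host and dropping scheme, port and query."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return host, (parts.path or "/")


def classify_url(candidate: str) -> Optional[str]:
    """'exact' for the dropper host+path, 'host' for the same host with
    another path (weaker signal, worth triage), None otherwise."""
    host, path = normalize_url(candidate)
    ioc_host, ioc_path = normalize_url(DROPPER_URL)
    if host != ioc_host:
        return None
    return "exact" if path == ioc_path else "host"


def scan_proxy_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one hit record per log line whose URL matches the dropper indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line; skip rather than fail the whole scan
        ts, src, _method, url, _status, proc = fields[:6]
        level = classify_url(url)
        if level:
            hits.append({"ts": ts, "src": src, "url": url, "process": proc, "match": level})
    return hits


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists, for comparing a local file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_hits(observed: Iterable[str]) -> Set[str]:
    """Intersect observed hashes (any case) with the report's hash set."""
    return {h.lower() for h in observed if h.lower() in REPORT_HASHES}


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print(hash_hits(["A7CBD0D50E9A83E769CAC7E8A0718060", "deadbeef"]))
```

A 'host' match on its own is a lead, not a verdict: the page shows only one path on that host, so treat other paths on it as worth a look rather than as confirmed stager traffic. The hash check is exact-match only; the SSDEEP values in the report are for similarity comparison and need an ssdeep implementation, which is deliberately not assumed here.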

MITRE ATT&CK Enterprise v6

Tasks