General

  • Target

    scan214.zip

  • Size

    14KB

  • Sample

    230601-sjfsjafc5y

  • MD5

    9c5891088c452eb9de33486a51df0513

  • SHA1

    94b90bdfcd517d2b1cc69754c731b03d814827d1

  • SHA256

    2d10ef76a67b2b9f230c13204accf044862d5b31a319654d24956f4e2be52216

  • SHA512

    382791da27a17f509133cbdcb57c805d2abe0bed6fdca5238923da39710fc5c3db2ac7f3add75ccd4e2234d963f090b4362ca664d2f3e15a0fcd68c012833586

  • SSDEEP

    384:Rlog6rFQOBn+7S0rHsYufDgcqhV4xkeqFf:YjrWOh+57sXfCZZ

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://www.snappyshop.it/img/index.php

Targets

    • Target

      scan214.js

    • Size

      54KB

    • MD5

      732067e4491fc9ea850d2fa5b83c708b

    • SHA1

      30f586c210d4eb5705f15ddf7066a3d17cfc0faf

    • SHA256

      d2ea16afc980ed80a65a99f283563bd8d3968c4d8b5584d2e21970f87c968f84

    • SHA512

      0ca73613e8c4ba945c33e314c2aeef93de3e8c0d28190c52fe89a2d1c7e212ffcb6171a36dbbe323aa4ccbb3099b6465812da8d5b2cd6b8c643497e9cf6cc11b

    • SSDEEP

      768:Xen3MttcVfNXh1rGMEPets+AB7YC6uSoyQgOKT:G8QRlJEPets+AB7LXSoyB

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks