General

  • Target

    scan1668.js

  • Size

    54KB

  • Sample

    230601-t9tmrafg3v

  • MD5

    0b9b45c634d98c7e358f7b614b76f034

  • SHA1

    cdfcae13ea348a6a87f59229c6876024a059df0e

  • SHA256

    4cb8001258b4ff9004a96d580acab1b8c4826a00135d527ac284ef3c8c17af15

  • SHA512

    ad501f5bd6a194a6c681d555a2946ebbe6dec09d1db3795b0a3da1c514029ce528d3b15b39d896b0ed044abdb2145abb4d3545190d0815a2a38e8ed5afb4c396

  • SSDEEP

    768:U+flJ8A4Aczyny8KMkBpxaRh3/cfJkZwzxqTKlr8cqL4RdvEjG:dr2BfpvzMTKMc3vQG

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    https://mapla.com.mx/uploads/index.php

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
