General

  • Target

    huh.js

  • Size

    43KB

  • Sample

    230601-tsz37sfc48

  • MD5

    4dc2bd9d0559270278bec04742bce988

  • SHA1

    7f782a9b9552e427cc65565d3bb21dc8106f649c

  • SHA256

    5baad95720c7b6f77fa453a6575fbe81c3dd867b0b384d2c841c867c11e65916

  • SHA512

    3d332488bc8b6baa31c3bdd38954898e104f9ce4af43d2e4222bfb9170a5583d53b94457906fdf4d3c312b254a0b3f917c167b094a708c1c93346cf4dad5a2da

  • SSDEEP

    384:NHzG8qG4NvUFtzUN5LY0nMBe9dC07TiTcU6jJ2oOdVTpJfi/1M2PdJ8x5wGW:NHzG8qO3O9MBeE0nNIRdVvfitjdJ8fwD

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://mapla.com.mx/uploads/index.php

Targets

    • Target

      huh.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
