General

  • Target

    scan1668.zip

  • Size

    14KB

  • Sample

    230601-vjh9rsfd97

  • MD5

    e1e6652b907df9532e2a45e9e4ef37dc

  • SHA1

    a2cbba192acd5f279243da82c522400e36524f74

  • SHA256

    95b92991ba4f4d6d9f311d1a2c1be5aefda3747218c3ca95d9dc09464cfd72c8

  • SHA512

    0b73ab8b9bb2f3c0629a62b532eae16e61c32d079d412025556660bc7d48f3a33c41b6eb5c88be926543026851f507fc5fbe580632d5bb2778b8530e890e5bad

  • SSDEEP

    384:7WuIIPC10a6C5FQ01ynl0Y/OLXC98xeXj+1iBXfLDXLkS3:7iI6aa6wFQjnl0G8xeXj+sBvHXo2

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://mapla.com.mx/uploads/index.php

Targets

    • Target

      scan1668.js

    • Size

      54KB

    • MD5

      0b9b45c634d98c7e358f7b614b76f034

    • SHA1

      cdfcae13ea348a6a87f59229c6876024a059df0e

    • SHA256

      4cb8001258b4ff9004a96d580acab1b8c4826a00135d527ac284ef3c8c17af15

    • SHA512

      ad501f5bd6a194a6c681d555a2946ebbe6dec09d1db3795b0a3da1c514029ce528d3b15b39d896b0ed044abdb2145abb4d3545190d0815a2a38e8ed5afb4c396

    • SSDEEP

      768:U+flJ8A4Aczyny8KMkBpxaRh3/cfJkZwzxqTKlr8cqL4RdvEjG:dr2BfpvzMTKMc3vQG

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence the infection.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
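The signature names above describe behaviour the sandbox observed but do not show how such behaviour is matched. The following is an added example (not the sandbox's or the report's own code) that re-implements those five signatures as rules over a constructed process/file/registry/network trace modelled on this sample's chain (wscript.exe running the .js, PowerShell fetching the second stage, a dropped EXE and DLL, a registry country-code lookup, a Run key). The dropped file names, the `client.exe`/`support.dll` paths, the `Geo\Nation` registry location used for the geofence check and every event in the trace are assumptions made for the example, not values taken from the report.

```python
from dataclasses import dataclass, field


@dataclass
class Event:
    """One monitored action.  kind is one of ProcessCreate, FileCreate, ImageLoad,
    RegSetValue, RegQueryValue, NetConnect; image is the acting process."""
    kind: str
    image: str
    data: dict = field(default_factory=dict)


# Script hosts that a document/archive lure should never drive onto the network.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
# Autostart locations (matched on the key, not the value name).
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
# Registry path holding the configured country code.  Assumption for this
# example; the report only says "country code configured in the registry".
GEO_KEY_FRAGMENTS = ("\\control panel\\international\\geo",)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def run_signatures(trace):
    """Return {signature name: [detail, ...]} for every rule that fired."""
    hits = {}
    dropped = set()  # lower-cased paths written by a monitored process

    def hit(name, detail):
        hits.setdefault(name, []).append(detail)

    for ev in trace:
        kind, d = ev.kind, ev.data
        if kind == "FileCreate":
            dropped.add(d["target"].lower())
        elif kind == "ProcessCreate" and d["image"].lower() in dropped:
            hit("Executes dropped EXE", d["image"])
        elif kind == "ImageLoad" and d["module"].lower() in dropped:
            hit("Loads dropped DLL", d["module"])
        elif kind == "NetConnect" and basename(ev.image) in SCRIPT_HOSTS:
            hit("Blocklisted process makes network request",
                f"{basename(ev.image)} -> {d['dest']}")
        elif kind == "RegSetValue" and d["key"].lower().endswith(RUN_KEYS):
            hit("Adds Run key to start application",
                f"{d['key']}\\{d['value']} = {d['data']}")
        elif kind == "RegQueryValue" and any(f in d["key"].lower() for f in GEO_KEY_FRAGMENTS):
            hit("Checks computer location settings", f"{d['key']}\\{d['value']}")
    return hits


# Constructed trace; paths and names below are invented for the example.
WS = r"C:\Windows\System32\wscript.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROP_DIR = r"C:\Users\victim\AppData\Roaming\svc"
RAT_EXE = DROP_DIR + r"\client.exe"
RAT_DLL = DROP_DIR + r"\support.dll"

TRACE = [
    Event("ProcessCreate", r"C:\Windows\explorer.exe",
          {"image": WS, "cmdline": r'wscript.exe "C:\Users\victim\Downloads\scan1668.js"'}),
    Event("ProcessCreate", WS, {"image": PS, "cmdline": "powershell.exe -w hidden -nop -c iwr"}),
    Event("NetConnect", PS, {"dest": "mapla.com.mx:443"}),
    Event("FileCreate", PS, {"target": RAT_EXE}),
    Event("FileCreate", PS, {"target": RAT_DLL}),
    Event("ProcessCreate", PS, {"image": RAT_EXE, "cmdline": RAT_EXE}),
    Event("ImageLoad", RAT_EXE, {"module": RAT_DLL}),
    Event("RegQueryValue", RAT_EXE,
          {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event("RegSetValue", RAT_EXE,
          {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
           "value": "svc", "data": RAT_EXE}),
    # Benign noise that must not fire any rule.
    Event("NetConnect", r"C:\Program Files\Mozilla Firefox\firefox.exe",
          {"dest": "example.org:443"}),
    Event("ProcessCreate", r"C:\Windows\explorer.exe",
          {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"}),
]

if __name__ == "__main__":
    for name, details in run_signatures(TRACE).items():
        print(name)
        for detail in details:
            print("   ", detail)
```

The rules are deliberately stateful where the report's signatures are: "Executes dropped EXE" and "Loads dropped DLL" only fire for a path that an earlier FileCreate in the same trace produced, which is what separates a staged payload from a pre-existing binary, and the Run key rule matches on the key so that the value name the malware chooses is irrelevant.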

MITRE ATT&CK Enterprise v6

Tasks