General

  • Target

    scan1324.zip

  • Size

    14KB

  • Sample

    230601-wn6fjaga51

  • MD5

    81d4285640c04320de50fe678d6a1042

  • SHA1

    38c5f8b3d8799bda727835cda8afdac2f46e7bdf

  • SHA256

    f335859efbbb94db2933e6094b237f3d3e5fd2091f328663a68c1f1d49ad0684

  • SHA512

    7660c27c6083c6dc2dbb1406adbead220d3dc3487d06049bdc611645cbaf06f46001350b17411b07ea1628396d81caa31c2308cd1e2f2c2ba6cde92036900ddb

  • SSDEEP

    384:9H7JjGoL72lCnB6+tla959WaKxEO9bLbVHB0ed:tJjGo/hlEkG0b3VHB0c

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs (exe.dropper):

https://mapla.com.mx/uploads/index.php

Targets

    • Target

      scan1324.js

    • Size

      53KB

    • MD5

      94bbb84781d2e4adfa6265c870631230

    • SHA1

      7a861962fa4287f265472f20a493bb1978cd96c4

    • SHA256

      f4a82b0c21cf032172b2ae37ee20279a72f12f02ecc3f9dd6c743ebe11c22891

    • SHA512

      3d6fa9e31f6478dbf99cfb702c94168c529e1a182efb40067621e611c8b959a81f3b9f343bda3c6bc5b93a76b660e7a42219253a7a5aa6e0858e3c8326e8c1c7

    • SSDEEP

      768:Sjze8k8z9wKdnMk1PbTVdiNccvKV4Sb1M1MQoy9:az9JNX1n6rveMOdy9

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
