General

  • Target

    servs2508.js

  • Size

    46KB

  • Sample

    230708-keh34adb55

  • MD5

    fa059b3389ea111fd8cb6461a18ba0e5

  • SHA1

    018ef250427f5b00ddd8e1fa7329185aa3d302a1

  • SHA256

    8fbe2784cef7404afbb504a8e5259fdcd87ff3bb507561d54973117b1b4a37e8

  • SHA512

    cee84132f2805ca249c16ef52d9692d30633b26de2ddbee5c1f976821819e93cea52489405d3bb07260b1908827d17b41006e2d4fa9bd15b935ede2578fb6653

  • SSDEEP

    768:0swecKSf0MTLBAZvA7otTjxqQ+soTqKxpg+ljPPjD8wpzu0j9HBN/ca9BM56kyRg:0swpKiTLBSvEsTdqgo9x2+ljXjfzDjlC

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs

  • exe.dropper

    https://ecotree.co.in/images/cora.zip

  • exe.dropper

    https://ecotree.co.in/images/files/cora.zip

Targets

    • Target

      servs2508.js

    • Size

      46KB

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
