General

  • Target

    fl1416.js

  • Size

    46KB

  • Sample

    230708-kej1dsdb58

  • MD5

    ab83faeee057af8ebe3f5b37dbc4525a

  • SHA1

    01f3b2d594b1c3ad9f81b2a54dfa46a5c70ecf8e

  • SHA256

    d275da6665f82019afc81940610ecb8e9fb700f6960503c96b306b944f697aef

  • SHA512

    30b7f671202b5d71aa3463f90b186e23b8be75ce17922a3445dbaf5a3b008b998789b17ff331be2a148f704015f29a717bfc02e8409b1979dedea17e42c9e311

  • SSDEEP

    768:GNG6d12fb7TDA0CcTZYc3JDDcK8twr9NvV3EtYGZC1cFwGS7H8puEXt7jJ:GY24fbDA0CIZYc3J0PoT1EyGZC1cFwGF

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://turvavalaisin.fi/loco.zip

exe.dropper

https://turvavalaisin.fi/files/

Targets

    • Target

      fl1416.js

    • Size

      46KB

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
