General

  • Target

    fl5282.js

  • Size

    51KB

  • Sample

    230708-kejpmadb57

  • MD5

    d596f6081104beac54a707348ea7b938

  • SHA1

    b6aa5d3ce699e19af5fc274129b44d32e4483ad9

  • SHA256

    c0e715d678b708e737be02530f3b239b11169189b02b841a4f197fe4cbcf45b6

  • SHA512

    9411dbe63efbfe397258a5f76c8e173e9f4c84a21567fbfaa2d35aee750d1932a095641289571b53a9c341badd2e322dc3206b55fd964ee36c5a84769dd492e9

  • SSDEEP

    1536:gXj4AcriBAlhnht37QUttRCRdXc8eHQxpNbJBGt:g4A/AhoUtXCRdXVlmt

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://turvavalaisin.fi/loco.zip

    exe.dropper: https://turvavalaisin.fi/files/

Targets

    • Target

      fl5282.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
