General

  • Target

    servs1758.js

  • Size

    46KB

  • Sample

    230708-kek8fseb5x

  • MD5

    3bd312549cceba21dc4cb32b5c19f74c

  • SHA1

    99c08363e3b712d3a23479074940b24571b022e7

  • SHA256

    9d40fa0a7ed9fdfd098107b8339eb016f86b8d562cb78d2ef74175f39836252f

  • SHA512

    5cc74decf65d9f0e79baf08503de8cbb756568cde97f5b50a204ca79de90a4cec6bc0a8b49fb5aa923709b6f660b6534d4f31fb8d33352fd450bbdb6c289a2f3

  • SSDEEP

    768:cBAtdzzfVQpfm81MPfdVdjBmDV+ZjV1+yKgcVRpjTRdCqJOVFgC8y:TdzhQpfm81MPfdVdjc+j8yKpVRpjldkH

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs:

  • exe.dropper

    https://ecotree.co.in/images/cora.zip

  • exe.dropper

    https://ecotree.co.in/images/files/cora.zip

Targets

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
