General

  • Target

    servs3029.js

  • Size

    46KB

  • Sample

    230708-keklxsdb62

  • MD5

    8c7ed7c3fb5379123ad345e1021dfc1d

  • SHA1

    9066835dbd6a3f4929da0f9a854315280ae105e3

  • SHA256

    d5f31838190076f9513334c1d93775aae4449c42cfdb4f8e7a09051ff723d73e

  • SHA512

    476136e14bbc19fdc4179346d47122d3d6805a1ec2b11c97cd8464d727db0aa9eb250159e4fb586c0253090f61e3cb44e63313b894202375f7c08caa67e9e0fe

  • SSDEEP

    768:Vdmk5/tv6rGShaGwy+9xgWuNDJ1lVD5NILRHz2Jigw/Gq6QtDkBbAzeyDvV4XD++:VdnxtveGShas8gDXNHILRKFw/N6QR0bB

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://ecotree.co.in/images/cora.zip

exe.dropper

https://ecotree.co.in/images/files/cora.zip

Targets

    • Target

      servs3029.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
