General

  • Target

    servs2640.js

  • Size

    46KB

  • Sample

    230708-kel5radb63

  • MD5

    4c62c6a8e0c9cd145ca0aa98d48a8f49

  • SHA1

    dd59c92ad4e81ba848cd5fa443d184cb40a9d16e

  • SHA256

    b8686d667af55f779c7a64a334c9486af48998411cef6b6be46bcbd9150e019b

  • SHA512

    90e3848554384e17e20f52fe41a8694d178bd1bb42a486c147138b51ec1dd2990bc5ff0deacc225759b9f6ca33f372450f8cba79e716d072674699e90e8f0344

  • SSDEEP

    768:YHKA9SzXkvGj+uVtN6HwzkvZbW/us+1bMUWwMrA0HTwkbbOZhp1Io5Lex:YHOzXkvenN6HwgRK/h+Kj/A0fyZh7Iai

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://ecotree.co.in/images/cora.zip

exe.dropper

https://ecotree.co.in/images/files/cora.zip

Targets

    • Target

      servs2640.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
