General

  • Target

    notepad3285.js

  • Size

    45KB

  • Sample

    230708-kel5raeb5z

  • MD5

    5b8f7f144d4b0d6acc2e32350461f555

  • SHA1

    4295d3f4b7cf96051842be8b3e946c1c4b568a0a

  • SHA256

    1ee2ad7b70f34878d0bf1122fb34603ebe6723e5773412a0be8c0577309a8cc0

  • SHA512

    f8800633d94edbc74dbbad925ccca28d565eded522fdada91b15bf30c35bc27b511bc0c8c948cfdd31a5483a999eb468b01f21b72b43eb9c0daa44b10ba71f6a

  • SSDEEP

    768:qhDWXgAYSt91THAmMiHA3HfLjgRtXwOfDVSFKgQZPrnQ/i:qhSXgtSt91TtDMHffgRFVSFKgur

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper  https://virvatulishop.eu/costa.zip

    exe.dropper  https://virvatulishop.eu/files/

Targets

    • Target

      notepad3285.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
