General

  • Target

    servs341.js

  • Size

    48KB

  • Sample

    230708-keltzseb5y

  • MD5

    0f178103ae8d637b8797f24fc0301af8

  • SHA1

    249e1a6866c74153824cb992792112f4ea2d2654

  • SHA256

    df4d902f7da2a7da84e00f34ecda7924ad27f5fef1c5397a0bfd15618f6b4f70

  • SHA512

    e543dac0568b12b3fc8bec617775b6a33e3b832a89f97deafeb0f292ca59bcbacd1763c1800a613a3f4aed47bd1de9c517c73e77bacc2a698d09f1658b96ebe7

  • SSDEEP

    1536:v18cfWeYsbsHk1l11ViYvTbeCNa8DOcZCzzVH:v14XsbsE/txL7U+OcZA

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://ecotree.co.in/images/cora.zip

exe.dropper

https://ecotree.co.in/images/files/cora.zip

Targets

    • Target

      servs341.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
