General

  • Target

    cgimueg.ps1

  • Size

    1KB

  • Sample

    230709-kmcw2sbe99

  • MD5

    602ddf33f4503aa4be8ca0aa985ace7f

  • SHA1

    701986a85f9e19f1661a3c264d0a8bce56a0b870

  • SHA256

    8f4172400d410e7b4a7230b2b05fd9ef7f677aa500581a638beab5b981887e73

  • SHA512

    c15eaaafe705fbfcee2e3e87f07d965d77d52ee957f324b28d67dba46342c714f69201ece72bec230394239d47142cb65a5bcc1f1af8ff8ec8b2521dd00b11fd

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://virvatulishop.com/labda.zip

    exe.dropper: https://virvatulishop.com/files/

Targets

    • Target

      cgimueg.ps1

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL
