General

  • Target

    xvrqd02.ps1

  • Size

    1KB

  • Sample

    230709-kmklwsbf26

  • MD5

    a67667f3f0788b660636fdcf55c1e74e

  • SHA1

    20e2bd17eacf5d706f0cb82c50ce4fca82ec1a58

  • SHA256

    115be6ef61e8498e05579ad4c00c6432bc67e57e14ec01eccb54887f620b5cda

  • SHA512

    832bd2da768c9235ce9fbc639fd9e77adcf1eabef2540cb4520bdceb7790eee0107384f094365327f50e4fd22745a9b9214532abca3690f9898755549184c19e

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://virvatulishop.eu/costa.zip

exe.dropper

https://virvatulishop.eu/files/

Targets

    • Target

      xvrqd02.ps1

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL
