General

  • Target

    ave6119jsjsjsjsjsjsjsjsjs.js

  • Size

    48KB

  • Sample

    230709-sy9ddsdg86

  • MD5

    55843871939bed9cad5acd5fba556736

  • SHA1

    178c0a04d0ff6c2bb2baa1e5e241f3028198b935

  • SHA256

    c4a3d1cec5bac2e0f1eb4671633ee0650b07831004130bd1d76c503655d2d26f

  • SHA512

    a172c45060209c9ee5afd1348ed346a3c1de41f4b75b7ae4f58c9f0ae0f1782dbc0d5bf4e45c977b74bdecdf11f569203861ccba4526bb2a21c18734c673a6e3

  • SSDEEP

    1536:nb1OUBLsGy18tV+FKnU7rkGsBWOnK5/YP2ay++o:nb1lwaH+FKZGsBNnK5/YPeVo

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://virvatulishop.com/labda.zip

exe.dropper

https://virvatulishop.com/files/

Targets

    • Target

      ave6119jsjsjsjsjsjsjsjsjs.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
