General

  • Target

    ave6608jsjsjsjsjsjsjsjsjs.js

  • Size

    48KB

  • Sample

    230709-szaw8adg87

  • MD5

    493f69ec7712ffa62e867ad4d1782032

  • SHA1

    d1793f4c3c1a4edeb6f733357ca8905e6fa384c9

  • SHA256

    2b04eb3c0f95ecd1e2a5b74275d82ce3d92f8b153774a59fb7243d39b1b56ae9

  • SHA512

    1bddaa72265811bfda643596cb6bc211a07f9687d9f5cc21a10c9cff362da4d8f013328a5e484557f7559fa60434f39087d611dfcf54fe7e8abf4fd2cd836a09

  • SSDEEP

    768:mj+yH/l9fdyDlNT4kBPZT3ezR++ag4yuCdIfqMrWVE0rZj4P/T:myyH/ndyDlNT4mPlu+BOuKIfqYgZjyT

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://virvatulishop.com/labda.zip

exe.dropper

https://virvatulishop.com/files/

Targets

    • Target

      ave6608jsjsjsjsjsjsjsjsjs.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
