General

  • Target

    ave2441jsjsjsjsjsjsjsjsjs.js

  • Size

    43KB

  • Sample

    230709-tqepgsfb3x

  • MD5

    5233c56ccc6cf90c32660b2d23c20fa9

  • SHA1

    35d627dac337118aeb4a1cf871d8328eb3230ec2

  • SHA256

    f756499384b3ba55143839c4c8bb0ba38f30e682ecf1511a5f592d52f57aa76a

  • SHA512

    94025553831090c85d8ee062f11de1f1ade59e2579bf2e94833687344abc093218fbf9c906e9514c4b8a477749de6c39b65bfe483e6282d5bd03f43f1aa1582a

  • SSDEEP

    768:tweiTuarsdwu+yGhe5AjMZq2KaCN78o6UTyaGnKKq:tli6Ksdwu9AjMZq2BCN78nIYKx

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://virvatulishop.com/labda.zip

exe.dropper

https://virvatulishop.com/files/

Targets

    • Target

      ave2441jsjsjsjsjsjsjsjsjs.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks