General

  • Target

    ave603jsjsjsjsjsjsjsjsjsj.js

  • Size

    46KB

  • Sample

    230709-tqfa1sfb3y

  • MD5

    734c08060ad526d0c40be2cdef4c84d4

  • SHA1

    4db13fddae48543582f8975884770d5ec4b56482

  • SHA256

    48a8c57895c2cfdf13a402e669a9964f56128521404e47b4727672f8ca91a90d

  • SHA512

    fe00bc4d731bd2e0493a255cc0de5a1ff05aac8091ba2134c02f47e8f1ff723afbb25113d21646980952fb4991c818e29034770913d59e118ad892b2d13d443e

  • SSDEEP

    768:2edhq6YG8y1GT/BibL8NmKspYMWjAtRi3i/WfCS8IFvHkgAJBFyt:jHJR1G9ibLomd6DMtRYi/jWfkgAJfyt

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://virvatulishop.com/labda.zip

    exe.dropper

    https://virvatulishop.com/files/

Targets

    • Target

      ave603jsjsjsjsjsjsjsjsjsj.js

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
