General

  • Target

    Wupos_compliance_Receipt_details_jpeg.exe

  • Size

    2.3MB

  • Sample

    230718-1x5yksfa2y

  • MD5

    d20e91e4fe5b4d0ec91edf33b0bd4824

  • SHA1

    a4c34f427f7a87f198e539af6ebdebcb975a5f35

  • SHA256

    e7e524158b0b345b2085c9a8f8d4feed778fb8cef4e13d832785680963a2405d

  • SHA512

    65c85f7ca330bbe223a048200beb1eca5f67247715772b926049c0d17b6a3a0f3d4f00d0fd2974f250efdb499a70e580b76205d4f0603136ace2da1d050d0757

  • SSDEEP

    49152:iBG0l+1O+OOCOObtuKsZO6T9xRtvbH1D3lEB5/4FWxbsu4s9CyxjY8:6bl+1O+OOCOO5uKs4u3RhbVzlm/Zcs9N

Score
10/10

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks