General

  • Target

    3cdd5c2e3f1d9536363db26297ccc3ee.js

  • Size

    572KB

  • Sample

    230718-qnyg2aaf83

  • MD5

    3cdd5c2e3f1d9536363db26297ccc3ee

  • SHA1

    60c59a6729efb3ca395e596c58ecc3ae92be4f0f

  • SHA256

    50cf3d4f944c6e90718dd37ede3a9f1cf728b4ffde4ab6e525de0c5b73e8f30a

  • SHA512

    7fe0a34301bc964ede5d2f71009254c73ebe2859d4a1bfd0ae4662baf85fb9d35604dae49b493b4df8f187f90636e5be58f1463cb6b8ddf44ea8b2a58c5b535a

  • SSDEEP

    12288:Mw6lc81pZlUUUUMtKUK1KSKPKCKCK/Zp8wDlj4W4f464y4W:M7pZlUUUUMM3UByRR//8clQ

Targets

    • Target

      3cdd5c2e3f1d9536363db26297ccc3ee.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
