General

  • Target

    tUUPQygorhzFkIcHuB.bat

  • Size

    12KB

  • Sample

    230718-sj14gabe34

  • MD5

    d915e6d4a7e64a25bfe1717ac1f5b501

  • SHA1

    06e40f582d31d9d1b9d7817e26fd348859700800

  • SHA256

    6054f328f8d54d0a54f5e3b90cff020e139105eb5aa5a3be52c29dbea6289c30

  • SHA512

    785bd76f044137d7efaa81026d8bbefcaf5b12bbc7a371b8ffd2cd65392d957261f5d37b839a760c41c3e07fba3301e6cce2018457341a1070b6f361bb193f78

  • SSDEEP

    384:CsH2gXWsqXSObLUq/PAQG/6cZrQZDHluO/h24LdFmFZdtd3kvCAoz:CR/IQNxdmZdtd3kvCAoz

Targets

    • Target

      tUUPQygorhzFkIcHuB.bat

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
