General

  • Target

    XVXCSASD.hta

  • Size

    1.2MB

  • Sample

    230725-qph4qsdd5w

  • MD5

    bfd7a68a151e81eb6f7fac7356bf5320

  • SHA1

    11aeee07c2022179290fef689da9a1c196fc0548

  • SHA256

    0e74d799e5486979f7cafb3c6bbd8fab224f882b82197eb8975818bd61cbb667

  • SHA512

    44358631b78386d47f84e8134e89a9f30fccd7a181be116c5a77c4e7381cee535171213e03df9fa3c9e16970ffb80d3aceee2c8f24eeedb691cded253cbb6132

  • SSDEEP

    3072:/IZaUwEhgIiwnBoK8nLZH3FxXHXyQJw14kb:/IZa17IiwBoTnd3XZJw14kb

Score
10/10

Targets

    • Target

      XVXCSASD.hta

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
