General

  • Target

    downloadingupd.hta

  • Size

    1.2MB

  • Sample

    230725-xp2dmsfd32

  • MD5

    9a8ccd2fbf7800e3fb750f84fe1a8771

  • SHA1

    11311b36cb225b070fb9e27b84b7502635485bc1

  • SHA256

    e64fb3d5024306678f9f85e1c009b4a285eb1a9ef6c81d2e4a1d3eca7740d841

  • SHA512

    5416a00669dd8f0116461cc93657b8a425faa857dadb496fd983743d2890a27e3a5d7fa2c30e13009fcdabd9beb24975b22b3131dbac61fd3ba0449bd3eef9da

  • SSDEEP

    3072:u2mvy8TrsZuS135EmoyZVNdtQIKwxD9DZkEj:dmvy80sSTTZd9dBj

Score
10/10

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks