General

  • Target

    125012501250.js

  • Size

    3KB

  • Sample

    230829-kg3waabc73

  • MD5

    9fd56226b552f37a5260ced905f38262

  • SHA1

    539d70bebd927d5c1b0b38879bead4b9c98210c7

  • SHA256

    432aca157a508ecf1cdee847c8957cd7a186f785eac131f90d2be0e56c3a90f5

  • SHA512

    99710790c65e6b2364ffe21b37a1673e66ebc3288ce96f354a67c3abd3068a92c76e0287852b0f2be8f726d7e15b74e5aa2c3e7768f8ac959ea2d8bce0437bba

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://instalfrio.cl/destination.txt

exe.dropper

http://instalfrio.cl/destination.txt

Targets

    • Target

      125012501250.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
