General

  • Target

    package_details_____________________972968.js

  • Size

    3KB

  • Sample

    230901-yqdjmshg27

  • MD5

    bf6b4c0fc43b5aa0c9bb21b94d795240

  • SHA1

    c6826cb6d10ef41842348522571cf28a25720f04

  • SHA256

    9101403bb729cabebd79206aad130293890154cd7a6fba3417471a645ea3ef25

  • SHA512

    173f1ce1ddb6d40d7faa59338a7dcd7a6c97249d467485b890116b84b9cdc480e8825cdeca845c527c6b98b203de898ac827027b56f78a5556429135b965c1e7

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://svirtual.sanviatorperu.edu.pe/readme.txt

exe.dropper

https://svirtual.sanviatorperu.edu.pe/readme.txt

Targets

    • Target

      package_details_____________________972968.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
