General

  • Target

    Update_browser_17.6436.js

  • Size

    434KB

  • Sample

    240122-ttseraahd6

  • MD5

    1c2732211585c64719d576f600937215

  • SHA1

    b3bb169088862e9a67a85d3e0bd27af9b366764a

  • SHA256

    878cd20bb0e4997b3da982dc01a4bdeb125c53ab93662afbc8ccfeac7b48d9cb

  • SHA512

    9b982e7fe597697b32c4a01827858b47effe0715a72d85edace6c403d9904551ced54f8bff49908669e4ea5d0500de39487d29ff44a824163eb8f133ff529208

  • SSDEEP

    6144:g+IrEhFgMczj0aw0810VLuqjHFPm4HQQuZ2Ozn:gqkdj8gY4HQJ2OL

Malware Config

Extracted

  • Language

    ps1

  • URLs

    ps1.dropper: https://phinetik.com/data.php?6833

    exe.dropper: https://phinetik.com/data.php?6833

Extracted

  • Language

    ps1

  • URLs

    ps1.dropper: https://phinetik.com/data.php?9662

    exe.dropper: https://phinetik.com/data.php?9662

Targets

    • Target

      Update_browser_17.6436.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
