General

  • Target: Jan23.zip
  • Size: 9KB
  • Sample: 240123-pvgmesahh8
  • MD5: 00780561aa80601e046ec75400fab60c
  • SHA1: 05ff78620d41d5706e66601616aeb0c712a82c06
  • SHA256: b6e535bb9804a7957cf762dce0fbec231d1de1436163d1a178e04cd34e193396
  • SHA512: b79110e8c873d8d2950f394bb7c9371a5d70e19acaa44c61b822e25875846b4b0903a8d3c11f7c0dd6cafeb87eb35b68e640dc4fd9377521f6b3cc65086fad69
  • SSDEEP: 192:ZgnR1CCJLoU+79q57qkGv9+LGCLJ6GdD18eQKixTlyV7IbpLVaZL:ZS/oU+79q52koIL+C2eQKkuMaL

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs
    • ps1.dropper: https://hsdiagnostico.com/readme.php

Extracted

  • Language: ps1
  • Source URLs
    • exe.dropper: https://core-click.net/TVFrontend/NSM.zip
    • exe.dropper: https://core-click.net/TVFrontend/remcmdstub.zip
    • exe.dropper: https://core-click.net/TVFrontend/DLAA1view.zip
    • exe.dropper: https://core-click.net/TVFrontend/mock/

Targets

    • Target: in_5505503550550.js
    • Size: 25KB
    • MD5: a1b9dd447c4d6f9183c5bf87947e25a9
    • SHA1: 4f432cbe8e8af24ad387d6610ac9faf77c9a546d
    • SHA256: 105c853779f94467b02eaa90a34a8f72443cab1548904132f2e7e552d02319bc
    • SHA512: 0471387eab700330007f078989cd2ac9f2e5733a49141c19cf6331b3d5baa41e5fbace94d88fc31f2519ff94df622fbf31c80fb854310777e288d35cc0674d78
    • SSDEEP: 768:WK8dfrxV8cShXNCEfcrUUe/7kS831swOD4Wz/D3ntccJn/XjCfUnwYOYoE1NbKfD:ymwMTnZc3HH

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
