General

  • Target

    in_4414413441441.zip

  • Size

    10KB

  • Sample

    240123-pvkn3sacar

  • MD5

    f9f6a6115c620319c8457a3766eb05e6

  • SHA1

    b4afa4eacf18d17585bdf52c920815f340434f64

  • SHA256

    8329ad98e2bf9ac324d5871579b7089bb91165f862e8eafb89f369bbeb089343

  • SHA512

    d2495361b9d6208cf9bc6a1564b8a78b11823f1193c9818a45d3a77ac9a40a79c32eb9eaa1b5bdf2189f61cfdfcbfbed26471f545a83506d6d3586e0b733c999

  • SSDEEP

    192:llucBx+A7CQPrNj3ERfFL8xCtG5NwlUmJ8aqXKqYY970vTRZHFA6ATIMEV7GpHQX:9D1zNja9ttimUmOZvlgHlOIlGpHQ8Cj

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://hsdiagnostico.com/readme.php

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: https://core-click.net/TVFrontend/NSM.zip

    exe.dropper: https://core-click.net/TVFrontend/remcmdstub.zip

    exe.dropper: https://core-click.net/TVFrontend/DLAA1view.zip

    exe.dropper: https://core-click.net/TVFrontend/mock/

Targets

    • Target

      in_4414413441441.zip

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
