General

  • Target

    in_8518513851851.js

  • Size

    26KB

  • Sample

    240123-qc7xbsafck

  • MD5

    1691c975ce328fa6625a41b0fe8cbefe

  • SHA1

    8309db41c61aee1f24e6f1318aa92781752d1428

  • SHA256

    4198a65d984c721863bef300062563aa75b38773aab949167762d31316c9ed4d

  • SHA512

    51eae76596d4f548564979e74596f99dfd3193628719d46e7598eba6092985be5c3c9b5ac15e23282fbd20fcff6e1b9b644d2386f8099b12d33b7d3493700962

  • SSDEEP

    768:Vg5LTW9Qt7DAhBLREvMhVfmUjGU8OyYC88aMtzDcUa9Mgj+l+or5jo53EuA9gZAN:KFOyYK/gj/MwcgMF

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://hsdiagnostico.com/readme.php

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: https://core-click.net/TVFrontend/NSM.zip

    exe.dropper: https://core-click.net/TVFrontend/remcmdstub.zip

    exe.dropper: https://core-click.net/TVFrontend/DLAA1view.zip

    exe.dropper: https://core-click.net/TVFrontend/mock/

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
