General

  • Target

    readme.ps1

  • Size

    6KB

  • Sample

    240123-qhtxnabde5

  • MD5

    6cce740fb3df20ec27fa3bb760e69502

  • SHA1

    4e8095213f97e64df6dfb3655aea1fd774844533

  • SHA256

    a04f3d2be0b51c4c302bc4b881ee6c6b507bc432272fc37d7c531060607e7932

  • SHA512

    c2f77ab349459b3f954c21e80fcb56453bb1776e9e122605649439ec015c1125b6f7f6419c385128f2802545de6365255e474a04149bae285d0c01578d215ddb

  • SSDEEP

    192:OSPlCKYDjGHy9v0vVTeTHriuquid2VTTh8CWXB6:OSPlCKYD6S9cleTHm1cFTh8CWXB6

Malware Config

Extracted

  • Language

    ps1

  • URLs (exe.dropper)

    https://core-click.net/TVFrontend/NSM.zip

    https://core-click.net/TVFrontend/remcmdstub.zip

    https://core-click.net/TVFrontend/DLAA1view.zip

    https://core-click.net/TVFrontend/mock/

Targets

    • Target

      readme.ps1


    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
