General

  • Target

    http://blawx.com

  • Sample

    240124-zhst2aghdp

Malware Config

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    https://boxtechcompany.com/1/GetData.php?14396

  • Source: exe.dropper

    https://boxtechcompany.com/1/GetData.php?14396

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    https://boxtechcompany.com/1/GetData.php?14032

  • Source: exe.dropper

    https://boxtechcompany.com/1/GetData.php?14032

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    https://boxtechcompany.com/1/GetData.php?5702

  • Source: exe.dropper

    https://boxtechcompany.com/1/GetData.php?5702

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    https://boxtechcompany.com/1/GetData.php?7461

  • Source: exe.dropper

    https://boxtechcompany.com/1/GetData.php?7461

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    https://boxtechcompany.com/1/GetData.php?13982

  • Source: exe.dropper

    https://boxtechcompany.com/1/GetData.php?13982

Targets

    • Target

      http://blawx.com

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks