General

  • Target

    08022024_2226_07022024_DCS7727723772772.zip

  • Size

    9KB

  • Sample

    240208-rrm15sed7x

  • MD5

    80e2a642533b2a87f7aa35f046c5022f

  • SHA1

    ebecd0f155288700b32027731d0a56d2d50d516f

  • SHA256

    26f21ada754233191d1980622136860a9f88723aa9254165e6eb0361817d856c

  • SHA512

    5eae08fa59fe3b73d196794443c4ba03ddab0186ecdcfcf54d23673df73e74098718deba6ca624ad1325fce32749618ebb9fa464c0f06ca83431a605b637f161

  • SSDEEP

    192:CIvbN1m3IJs8i+iQ9BlTb0mIgYgju3EcTYIcMCnvdM6Qy7z42PmqL55z:RuIJ++9TlHpI+S7THcMC26nz7eA5B

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://assime.ca/command.php

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt

Targets

    • Target

      DCS7727723772772.js

    • Size

      25KB

    • MD5

      fa4c5428813c2612116ac59af1862bcb

    • SHA1

      50f324f71e12473644eefa338b11dd347d713f68

    • SHA256

      8603c3e9cbbf9629724d1d4299418be0d2ad7ce04ea8091fc0bead7430d21fbd

    • SHA512

      a770e57adc93505fbf7ccc4152ebc7985839e168770c16697f3b5d5f1ccd85ac5c1b641a7b407d53a727b2fcad33d123b930cc9ad13ba89c113c6809fbaccdb8

    • SSDEEP

      768:MleSnV5r8Fi+tVxfS0fy8hghu28Iswykn5d0B/PK3py1XY4TgVzlqIDG3ZBoxPg0:eeaV5oIhzPRZxehtM

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks