General

  • Target

    08022024_2229_07022024_DCS19011901.zip

  • Size

    10KB

  • Sample

    240208-rtsdmsee6v

  • MD5

    7830822633fb42c2e6b8d946b750be52

  • SHA1

    e616e051adf6c57f90017cf34efd49b7d97f443d

  • SHA256

    d6fc950e5e7b143341a2c2d2499791a352b5819c614bacb6fe3fdc2fa623c8dd

  • SHA512

    bd56900e166ef8e2f6bc917078520aa1fc84b0d86f3bd1a7a3d8894af4f29b8eaacbde9e8f7004c8412b895e1036a3eac7935cd5643289ec1ace705f63168cb7

  • SSDEEP

    192:uzeEKRMd8yzIjRctjHCUpLXAOI3lySK4e/+RmsMBJqdkpK3WO0x:LEKRMJcULCXlK42+RFSaJ3+x

Malware Config

  • Extracted (language: ps1, form: deobfuscated)

    URLs (ps1.dropper)

    https://assime.ca/command.php

  • Extracted (language: ps1, form: source)

    URLs (exe.dropper)

    http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt
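Added example, not part of the sandbox report: two triage helpers built from the indicators above. The first recomputes a file's MD5/SHA1/SHA256/SHA512 and compares them with the hash lists in the General and Targets sections, so an analyst can confirm a file really is the zip container or the DCS19011901.js dropper before detonating it. The second scans proxy log lines for the two stage URLs from the extracted configs, falling back to the hostname because an HTTPS stage (the ps1.dropper URL on assime.ca) only shows up as a CONNECT to the host in most proxy logs. The log lines are constructed; SSDEEP is omitted because it needs a third-party library.

```python
"""Triage helpers derived from the report's indicators (added example)."""
import hashlib
from urllib.parse import urlsplit

# Hash values copied from the report for the two targets it lists.
REPORT_HASHES = {
    "DCS19011901.js": {
        "md5": "0d0e14c18ac4db3bced742abbc1e80e6",
        "sha1": "44977720d24a921e3b5cc52aadb99e8531a6985a",
        "sha256": "87d72fac49d1573f32930344a6be4ea18c0409a2b8f0a53c2e0f5e0d57b49459",
    },
    "08022024_2229_07022024_DCS19011901.zip": {
        "md5": "7830822633fb42c2e6b8d946b750be52",
        "sha1": "e616e051adf6c57f90017cf34efd49b7d97f443d",
        "sha256": "d6fc950e5e7b143341a2c2d2499791a352b5819c614bacb6fe3fdc2fa623c8dd",
    },
}

# Stage URLs from the "Malware Config" section, keyed to their stage label.
STAGE_URLS = {
    "https://assime.ca/command.php": "ps1.dropper",
    "http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt": "exe.dropper",
}

# Constructed proxy log lines (not from the report). The TLS stage appears only
# as a CONNECT to the host; the plain-HTTP stage shows the full URL.
SAMPLE_LOG = [
    "2024-02-08T22:31:02Z 10.0.0.17 CONNECT assime.ca:443 200",
    "2024-02-08T22:31:03Z 10.0.0.17 GET http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt 200",
    "2024-02-08T22:31:09Z 10.0.0.17 GET https://www.example.com/ 200",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def identify_sample(data: bytes, known=REPORT_HASHES):
    """Return the report target whose listed hashes all match data, else None."""
    digests = hash_bytes(data)
    for name, expected in known.items():
        if all(digests[algo] == value for algo, value in expected.items()):
            return name
    return None


def ioc_hosts(urls=STAGE_URLS) -> dict:
    """Map hostname -> stage label so CONNECT-only log lines can still match."""
    return {urlsplit(u).hostname: label for u, label in urls.items()}


def scan_proxy_log(lines, urls=STAGE_URLS):
    """Return (line_no, stage, matched_value) for every line touching a stage URL or host.

    A full-URL match is preferred; otherwise the bare hostname is tried.
    """
    hosts = ioc_hosts(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        for url, stage in urls.items():
            if url in line:
                hits.append((n, stage, url))
                break
        else:
            for host, stage in hosts.items():
                if host in line:
                    hits.append((n, stage, host))
                    break
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("line %d: %s via %s" % hit)
```

Host-level matching is the practical fallback for TLS stages, but it also means a benign visit to the same host would match; treat those hits as leads to confirm against the URL or the process that made the request, not as verdicts.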

Targets

    • Target

      DCS19011901.js

    • Size

      29KB

    • MD5

      0d0e14c18ac4db3bced742abbc1e80e6

    • SHA1

      44977720d24a921e3b5cc52aadb99e8531a6985a

    • SHA256

      87d72fac49d1573f32930344a6be4ea18c0409a2b8f0a53c2e0f5e0d57b49459

    • SHA512

      3525f05b82e085ce67f43ad2f7f0168928a00122e1b86a1432f0e242532121e4160bbc0d81fcd2135d2dcb355d9535c5c5a300dcf3341ec875cf22840346c649

    • SSDEEP

      768:NPnwrYNgIqAEAU5s1ZuRl+30XxVUlA5Oxay7HCA+4TJUwnbmZrLMqNcWgRb3KBBB:YVMKEiZNoa/TAC

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software and frequently abused as a RAT.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
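Added host-triage script, not part of the sandbox report: it checks a Windows host for the three behaviours listed above that leave durable traces, namely a Run-key autostart entry, the registry country code the sample consults, and a dropped NetSupport client. Two things are assumptions rather than facts from the report: that the country code is read from HKCU\Control Panel\International\Geo\Nation (the usual location), and that the dropped NetSupport client keeps its stock file names (client32.exe, client32.ini, NSM.LIC).

```powershell
# Added triage script (not from the report). Run in an elevated PowerShell
# on the suspect host; it only reads, never modifies, the system.
$findings = @()

# 1. Run-key persistence. Entries whose command lives in a user-writable
#    directory are flagged, since that is where dropped executables land.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        $value = [string]$p.Value
        $findings += [pscustomobject]@{
            Check      = 'RunKey'
            Location   = $key
            Name       = $p.Name
            Value      = $value
            Suspicious = ($value -match '(?i)\\(AppData|Temp|ProgramData|Public)\\')
        }
    }
}

# 2. Geofence input. ASSUMPTION: the sample reads the per-user Geo\Nation
#    value; the report only says "country code configured in the registry".
$geoKey = 'HKCU:\Control Panel\International\Geo'
$geo = Get-ItemProperty -Path $geoKey -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{
    Check      = 'GeoNation'
    Location   = $geoKey
    Name       = 'Nation'
    Value      = [string]$geo.Nation
    Suspicious = $false
}

# 3. NetSupport client files in user-writable roots. ASSUMPTION: stock file
#    names; a renamed client would need a hash or PE-metadata check instead.
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC)
foreach ($root in $roots) {
    if (-not $root -or -not (Test-Path $root)) { continue }
    $files = Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue `
        -Include 'client32.exe', 'client32.ini', 'NSM.LIC'
    foreach ($f in $files) {
        $findings += [pscustomobject]@{
            Check      = 'NetSupportFile'
            Location   = $f.DirectoryName
            Name       = $f.Name
            Value      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Suspicious = $true
        }
    }
}

$findings | Format-Table -AutoSize
```

The SHA256 of any client32.exe found can be compared with the hashes in this report and with a known-good NetSupport build; a legitimate deployment normally sits under Program Files with a valid signature, so a copy under AppData or ProgramData next to a Run-key entry is the combination to escalate.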
