Resubmissions

  • 01-03-2024 10:30    240301-mjz9aafd8y    10

  • 01-03-2024 10:19    240301-mcjb7afd2s    10

General

  • Target

    142101421014210REC_.js

  • Size

    82KB

  • Sample

    240301-mcjb7afd2s

  • MD5

    dfc7f50c2ccb605bc0230c7c07e8e96d

  • SHA1

    bbc6d71f601546c702c32f6dadeda8574b7b7ba9

  • SHA256

    004d74496975e008a7fc693503d1e37480d46ce33d17c7e48fa0d7ca29e1a015

  • SHA512

    24218fe3334327d13f3380904cb59ea082e57f6758b330e06dafe9f12a05d3ce2c8bb2f527245a3ef838b07fcf36231c614d4868b0f874095eadfe138e514a5b

  • SSDEEP

    1536:FziPYUNKRMz+GB1+vS3DL/NgMwZc+m/A1pRrGOIPFDgPwj9UtC06VBn6GZa8Tsra:FzijRqGrPfkRr7IRgPaqojfZa8Tt

Malware Config

  • Extracted

    Language
      ps1
    Deobfuscated
    URLs
      ps1.dropper: https://cspapply.com/br.txt

  • Extracted

    Language
      ps1
    Source
    URLs
      exe.dropper: http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt

Targets

    • Target

      142101421014210REC_.js


    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software; here it is the final payload delivered by the JS -> PowerShell dropper chain.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
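The report above gives the indicators a responder would hunt for: the hashes of the JS dropper, the two staging URLs from the extracted PowerShell configs, and the behaviours (dropped EXE, Run-key persistence). The following is an added example, not part of the sandbox report or the vendor's tooling, showing how to turn those indicators into a small triage script. The hashes and URLs are copied from the report; every log line and Run-key value in it is constructed test data; the `SCRIPT_HOSTS` list and the Run-key heuristic are assumptions, not something the report states. The ssdeep value is omitted because it needs a third-party library.

```python
"""IOC triage helpers for the 142101421014210REC_.js / NetSupport report.

Added example, not part of the sandbox report. Hashes and URLs are copied
from the report; all log lines and registry values are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# File hashes of 142101421014210REC_.js as listed in the report.
FILE_HASHES = {
    "md5": "dfc7f50c2ccb605bc0230c7c07e8e96d",
    "sha1": "bbc6d71f601546c702c32f6dadeda8574b7b7ba9",
    "sha256": "004d74496975e008a7fc693503d1e37480d46ce33d17c7e48fa0d7ca29e1a015",
    "sha512": "24218fe3334327d13f3380904cb59ea082e57f6758b330e06dafe9f12a05d3ce"
              "2c8bb2f527245a3ef838b07fcf36231c614d4868b0f874095eadfe138e514a5b",
}

# Staging URLs from the two extracted PowerShell configs, keyed to their role.
STAGE_URLS = {
    "https://cspapply.com/br.txt": "ps1.dropper",
    "http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt": "exe.dropper",
}
STAGE_HOSTS = {urlparse(u).hostname: role for u, role in STAGE_URLS.items()}

# Script hosts a JS -> PowerShell chain runs under (assumed list, not from the
# report; extend it for your environment).
SCRIPT_HOSTS = ("wscript", "cscript", "powershell", "pwsh", "mshta")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists so a suspect file compares directly."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in FILE_HASHES}


def matching_digests(data: bytes) -> list:
    """Return the digest names of `data` that equal the report's values ([] if none)."""
    digests = hash_bytes(data)
    return [alg for alg, value in FILE_HASHES.items() if digests[alg] == value]


def find_stage_requests(log_lines) -> list:
    """Return (role, indicator, line) for every log line carrying a staging URL.

    A full-URL match wins; otherwise a bare hostname match is reported as
    "host only", so a changed path on the same host is still surfaced.
    """
    hits = []
    for line in log_lines:
        for url, role in STAGE_URLS.items():
            if url in line:
                hits.append((role, url, line))
                break
        else:
            for host, role in STAGE_HOSTS.items():
                if re.search(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", line):
                    hits.append((role + " (host only)", host, line))
                    break
    return hits


def suspicious_run_values(run_values: dict) -> dict:
    """Heuristic (assumed, not from the report): flag Run-key values that launch
    a script host or an executable under a user-writable profile directory."""
    flagged = {}
    for name, cmd in run_values.items():
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
        if not m:
            continue
        exe = (m.group(1) or m.group(2)).lower()   # first token, quotes stripped
        reasons = []
        if any(re.search(rf"(^|\\){h}(\.exe)?$", exe) for h in SCRIPT_HOSTS):
            reasons.append("script host")
        if re.search(r"\\appdata\\|\\temp\\|\\programdata\\", exe):
            reasons.append("user-writable path")
        if reasons:
            flagged[name] = reasons
    return flagged


SAMPLE_LOG = [  # constructed proxy log lines, not sandbox output
    "2024-03-01T10:20:01Z ws17 powershell.exe GET https://cspapply.com/br.txt 200",
    "2024-03-01T10:20:03Z ws17 powershell.exe GET "
    "http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt 200",
    "2024-03-01T10:20:07Z ws17 powershell.exe GET https://cspapply.com/other.txt 200",
    "2024-03-01T10:21:00Z ws17 chrome.exe GET https://example.org/ 200",
]

SAMPLE_RUN_VALUES = {  # constructed HKCU\...\Run values, not from the report
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "Updater": r'"C:\Users\u\AppData\Roaming\Updater\updater.exe"',
    "Loader": r"wscript.exe //B C:\Users\u\AppData\Local\Temp\142101421014210REC_.js",
}

if __name__ == "__main__":
    for role, ioc, line in find_stage_requests(SAMPLE_LOG):
        print(f"[{role}] {ioc}  <-  {line}")
    for name, reasons in suspicious_run_values(SAMPLE_RUN_VALUES).items():
        print(f"Run value {name!r}: {', '.join(reasons)}")
```

Run against a real suspect file with `matching_digests(open(path, "rb").read())`; any non-empty result means the file is the sample from this report. The host-only match deliberately over-reports, since a dropper that is re-staged usually keeps the host and rotates the path; treat those hits as leads, not confirmations, and expect the Run-key heuristic to flag legitimate per-user software installed under AppData.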

MITRE ATT&CK Enterprise v15

Tasks