General

  • Target

    DE-97799779.js

  • Size

    67KB

  • Sample

    240304-t23wfsfg93

  • MD5

    7b61b436fb45377911dff797b06dc189

  • SHA1

    07e8e12694f11b13a14b12aee585a39fad733018

  • SHA256

    048d9066018698dd3437257bb720c9684a094961f32dd4e0bd89213089e71c01

  • SHA512

    a28c3d2940ffeef3dfc74e1af5f83fe65a794c3ce3d45b9f3955a676332c958f7a116d37a64321854f58651e5aaabde0ba1fc1a90401dd2796ecc4d6974e3690

  • SSDEEP

    1536:Gz5KAGyA3MklCxbS0uncLUysuYmPazQ51reEBqYADuCuERGR2Mgi7iPFz+S8:GzKd2vsuYmWehADuCuERGzg3z+S8

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      DE-97799779.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
