General

  • Target

    DE-97799779.zip

  • Size

    25KB

  • Sample

    240304-xdgvvsaa7x

  • MD5

    3a3a2a7d709a4d166b0c458b17ec8e64

  • SHA1

    eb493352a561b383d3588d0429c420f10138e3b9

  • SHA256

    c100870e67ada920f2a8fbf50ed8be373e9f086bb7da54399f2e4ac4d7c91dc2

  • SHA512

    f0d58f4167ce71657526b9bcff3dae12f18f1599ce1f230de08b40284f2c1017610938aa420dd085f49c0bd99897904c479128dc0d297a01e7c92bdbf584778c

  • SSDEEP

    768:42zcD+cHZxW3zeOfb1hMZjDsA9n0Zyn9XjeBIUS:tzcDH+zZBqZjDDn0ZyQnS

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated
    URLs (ps1.dropper): https://compactgrill.hu/care.txt

  • Extracted

    Language: ps1
    Deobfuscated
    URLs (exe.dropper): http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      DE-97799779.js

    • Size

      67KB

    • MD5

      7b61b436fb45377911dff797b06dc189

    • SHA1

      07e8e12694f11b13a14b12aee585a39fad733018

    • SHA256

      048d9066018698dd3437257bb720c9684a094961f32dd4e0bd89213089e71c01

    • SHA512

      a28c3d2940ffeef3dfc74e1af5f83fe65a794c3ce3d45b9f3955a676332c958f7a116d37a64321854f58651e5aaabde0ba1fc1a90401dd2796ecc4d6974e3690

    • SSDEEP

      1536:Gz5KAGyA3MklCxbS0uncLUysuYmPazQ51reEBqYADuCuERGR2Mgi7iPFz+S8:GzKd2vsuYmWehADuCuERGzg3z+S8

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
