General

  • Target: c6e823daf06211ae8e9ea6bed902aecbe4d7e200038a5523f0e3378647c483c2.zip
  • Size: 27KB
  • Sample: 240305-c8nxfacd9x
  • MD5: 9973c8e9d4c3754ee15fd7d318e40c4f
  • SHA1: 6923ab867e9d60c23c53f7deb5d1e3cbba9e53f5
  • SHA256: c6e823daf06211ae8e9ea6bed902aecbe4d7e200038a5523f0e3378647c483c2
  • SHA512: 55b449c3940cf17e66f807578789203299568fcfdce97b10b87fd2629b0355b53f929feac06271c4837e74cbd4637aa10cecde9322a15eaeed382dacd711bc55
  • SSDEEP: 768:SSJP+iY1wu1gZzTi4iv7KMjypl1bc3mKyZ:SacO1i4A+MOpbbknyZ

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs: ps1.dropper https://compactgrill.hu/care.txt

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs: exe.dropper http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target: DE-94059405.js
    • Size: 71KB
    • MD5: 38173035f40ee1d01b71dc326a69a675
    • SHA1: 270164a80071fd82ef817b06934222b798fd5673
    • SHA256: a9b92bc14580b2d4a5d7a21d5089944fa08e0746025df1a9d74b0522cf1e3069
    • SHA512: 034b5868e45e936d523dfb4c18b66a391e6a8434a59dec1c3645760d1d60d6e9422999210b6ee9a7ab8d75e30419d4432df31f59037b8c46bae4d122ea75bb4a
    • SSDEEP: 1536:3UFnyjPGV6d1vnq1Syz1QkQGCDbVuW+oet1X76ZIy/2Jyi0a0qb9i8TJBNTmElvg:3onyPGV6Zyz2LQtR76Cy/2JyiX0qb9iF

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks