General

  • Target

    46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916.js

  • Size

    61KB

  • Sample

    240305-cp9d2acd86

  • MD5

    cfb018f98474eae2614454fdff0a4fef

  • SHA1

    9a5d5939b4b8b8d300ba6744ad1e65ca4d08e168

  • SHA256

    46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916

  • SHA512

    67527eb9cbab95f72533b8b4bc34d8ae693519a34bfc4d35fcf8e988fc1ae84fb02e9ad8d05487c9c665e699c271e6275c8c81638e08eec8d2f4669b646c505f

  • SSDEEP

    1536:8+eeHSmKvhgEB3Eurt47NJLP6z6+S2te/fKpw6o11uf+DKP:zTo3EuWg9S2te/fKpw6Kw

Malware Config

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
