General

  • Target

    (Official Build)_Update - 85656.zip.7z

  • Size

    1.4MB

  • Sample

    240322-tyy34aga4y

  • MD5

    f3c69fd776b16702db6cee5a176ef34e

  • SHA1

    e062247390ae3d3b94f1c2883aad77c280e03043

  • SHA256

    0c1b9ddbff8cadd4a50cd21b19988a1a6e6839283854458448721b51f9e349b3

  • SHA512

    ba18c8a61a794b7c641ddd2142cca714ef5478a656317a604a8ac2a410bb5c1b3137b4146af9522320d3832f495b5a08acc43acb8361f6c32b4f8d3d2d28303c

  • SSDEEP

    24576:0eNEcWb1eH4rZh88gPd09b1T/YRHpkxD5EkCUkkdWyu0sGJp9rkMiysPuvc5/8Y:0eNMbTZhjF3/AHp2eUtIyXs4HkMiysPX

Malware Config

  • Extracted

    Language
    ps1

    Source URLs
    ps1.dropper
    https://edulokam.com/data.php?12125

    exe.dropper
    https://edulokam.com/data.php?12125

  • Extracted

    Language
    ps1

    Source URLs
    ps1.dropper
    https://edulokam.com/data.php?11599

    exe.dropper
    https://edulokam.com/data.php?11599

Targets

    • Target

      Install/_121.0.6161.js

    • Size

      33KB

    • MD5

      f736b65c14b584e70afc8f6a4adbb34d

    • SHA1

      44870d49a995241d8cd18769968b435e098189e7

    • SHA256

      28edbc9dd4c1ccc183e38ca2362e24c2b29b2575b006a1afd2110e5575f2b58e

    • SHA512

      6b279d67863e63b5e7c9b5d6de7536ece183fb1e7f482a9e6a4147893c6329f71b8e8cc1fe84a9b83a0392b8e5292b87bf8a3998ed63db12624f09a171d12351

    • SSDEEP

      768:qLMI3IRCElj+12oqpbGQMKZTqn981t8k9HA9TRgeBnNlBcfZP2fZtYCH2U8YSmR:+MI3jElC2oBQMGmn9uR9g9TRgeBNjWP2

    • Score

      1/10

    • Target

      Update_(Official Build)_121.0.616.js

    • Size

      2.1MB

    • MD5

      fd07f2f8b92595f3a757107a9ac3deb2

    • SHA1

      60276aecc034953433ab181535f99684b2a8757c

    • SHA256

      e4e952d632592839f3e84f23caf003a333145cc3d67cc934f617e9359a3d3575

    • SHA512

      a3ca1d202ea19b4437ef9576132814cedfa7f1d23667915fe7c98701edcc634f6aa59ff9ef6a2aa553f98750e3b6b4d48ffb8d50991b0b907e5438b8550e5609

    • SSDEEP

      49152:blHeolHeolHeolHeolHeolHeolHeolHeolHeolHeolHeolHeNlHeolHeolHeolHJ:bhhhhhhhhhhhYhhhhhhhhhhhhhhhhhhd

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Update_121.0.616.js

    • Size

      2.1MB

    • MD5

      fd07f2f8b92595f3a757107a9ac3deb2

    • SHA1

      60276aecc034953433ab181535f99684b2a8757c

    • SHA256

      e4e952d632592839f3e84f23caf003a333145cc3d67cc934f617e9359a3d3575

    • SHA512

      a3ca1d202ea19b4437ef9576132814cedfa7f1d23667915fe7c98701edcc634f6aa59ff9ef6a2aa553f98750e3b6b4d48ffb8d50991b0b907e5438b8550e5609

    • SSDEEP

      49152:blHeolHeolHeolHeolHeolHeolHeolHeolHeolHeolHeolHeNlHeolHeolHeolHJ:bhhhhhhhhhhhYhhhhhhhhhhhhhhhhhhd

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks