General

  • Target

    2f1426a46741e36e43119d069a8e85d8.bin

  • Size

    1.4MB

  • Sample

    240410-bhhr3abc67

  • MD5

    1711e5630566771723ee1de5c13c9487

  • SHA1

    fc2daa2d147e3b2b6dc74c18010718bb1f7793e8

  • SHA256

    8201770ffc9d1b1c6b13b9a802e752083e5883e6df442cafa59fa435911756f4

  • SHA512

    eec690cb228c9f96151aaece45a85d37984f40030949a3fac05a0842ac60cffc9089206a323618ce82e007e7b4ec5ed8185faebc2b652e79f28b625ac3f3f4c6

  • SSDEEP

    24576:tYnzS3TPTSD49+AYQY6qf5gndaFradtJPPrjKSjHgRROVXpxOk6lCTsVf:tYn2CDIIUX1Pf/jAeOk6kTsVf

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    https://mtlaikins.com/data.php?11662

  • exe.dropper

    https://mtlaikins.com/data.php?11662

Targets

    • Target

      1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6.js

    • Size

      6.4MB

    • MD5

      2f1426a46741e36e43119d069a8e85d8

    • SHA1

      5b7aa81bd3fbd37aa3e9b1c4b9fec9b67435a7d3

    • SHA256

      1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6

    • SHA512

      8674b5779540e9d1c478348f0403609e5ceecc594490f39fa6bdf9478b05b37be90417db0ad49a001228199b13a236a4fc4c5292d4e17123a3017b51e44726b4

    • SSDEEP

      49152:B7V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcEm:C

    • NetSupport

      NetSupport is a commercial remote access tool sold as legitimate system administration software; here it is staged by a script dropper rather than installed by an administrator.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (running only on, or avoiding, systems in particular countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
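
The behaviours listed above (a blocklisted script host making network requests, contact with the extracted dropper URL, a Run key added for persistence, an external IP lookup) can be hunted for in endpoint telemetry. The Python below is an added example for this page, not code from the sandbox or from the report: it runs detection logic over constructed Sysmon-style event records (Event ID 3 network connections and Event ID 13 registry value sets, using Sysmon's field names Image, TargetObject, Details, DestinationHostname and DestinationPort). The only indicator taken from the report is the dropper URL; the IP-lookup host list, the client32.exe path and the sample events themselves are assumptions made for illustration.

```python
"""Hunt for the behaviours the sandbox report attributes to this sample.

Added example for this page, not code from the sandbox or the report. The
Sysmon event IDs and field names are real Sysmon fields, but every record in
SAMPLE_EVENTS is constructed here; the IP-lookup host list and the client32.exe
persistence path are assumptions, not observations from the report.
"""
import re
from urllib.parse import urlparse

# Indicator from the report's extracted config (ps1.dropper / exe.dropper).
DROPPER_URLS = {"https://mtlaikins.com/data.php?11662"}
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Script hosts and shells that should rarely originate outbound connections
# on a workstation (the report's "Blocklisted process makes network request").
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}

# Common external-IP lookup services (assumed list; the report names none).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ip-api.com", "ifconfig.me"}

# Run / RunOnce keys under any hive; and paths an unprivileged user can write to.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def image_name(path):
    """Basename of a Windows image path, lower-cased for set membership tests."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return (rule, image, detail) for a suspicious event, or None if benign."""
    eid = ev["EventID"]
    image = ev.get("Image", "")
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        details = ev.get("Details", "")
        # A Run value pointing into a user-writable directory is the classic
        # dropper persistence pattern; a vendor path is lower priority.
        rule = "run_key_user_writable" if USER_WRITABLE_RE.search(details) else "run_key"
        return (rule, image, f"{ev['TargetObject']} = {details}")
    if eid == 3:
        host = ev.get("DestinationHostname", "").lower()
        if host in DROPPER_HOSTS:
            return ("dropper_contact", image, host)
        if host in IP_LOOKUP_HOSTS:
            return ("external_ip_lookup", image, host)
        if image_name(image) in SCRIPT_HOSTS:
            return ("script_host_network", image, f"{host}:{ev.get('DestinationPort')}")
    return None


def detect(events):
    """Run classify() over Sysmon-style dicts and collect the hits in order."""
    return [hit for hit in (classify(ev) for ev in events) if hit]


# Constructed events modelled on the report's signatures (not captured data).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationHostname": "mtlaikins.com", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "cdn.example.net", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\client32",
     "Details": r"C:\Users\victim\AppData\Roaming\client32.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\client32.exe",
     "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    # Benign noise: a browser and an installer doing ordinary things.
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]

if __name__ == "__main__":
    for rule, image, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:24} {image_name(image):16} {detail}")
```

One signature from the report is deliberately absent: "Checks computer location settings" is a registry read, and Sysmon records registry creates, deletes, value sets and renames but not reads, so the geofence lookup is only visible in API tracing or a sandbox, not in this kind of telemetry.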

MITRE ATT&CK Enterprise v15

Tasks