General

  • Target

    Malware.js

  • Size

    4.5MB

  • Sample

    241219-acvc8sxqbv

  • MD5

    3bb2fb6e24b9e0649a24d050d0019634

  • SHA1

    c0a58567765515df4edbd303bc8114669322086f

  • SHA256

    2f1fc0157736c88a42ad1847da59844dac4da6be39f89346aa433a65681b8eea

  • SHA512

    bc69fcb9574cdde7dbf8b244724dff54089105000ff57ffe0ccbffe0ee6510c0a6014650fa214e4d9836ca72fb6930c7cc82b53947bd2cf943c982831dc532af

  • SSDEEP

    49152:psz6FvpOiHY7sz6FvpOiHY97DIzjCxbxqHlpM1MNN0D6hO22DzhYzYBmv9+8pJmR:p0WQ0WW

Targets

    • Target

      Malware.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

Tasks