General

  • Target

    o.png

  • Size

    1KB

  • Sample

    241223-yzb26szmhj

  • MD5

    1d4910734b9ae1dcf2c89ae371e9e0d6

  • SHA1

    0160ef94510837f89f844cfbd1a79af20585c4c8

  • SHA256

    57776354898d850cb8a439eac8515cb917a11a0ab4b0e846a4ed2dc64b8bfd7d

  • SHA512

    e1a089eb482403f598543e90840f213fb7fdc1de0231e98aeef1bdc75e2e5ee6cf0c61fea6dae14ba57aa523241c4d11e3d0522a684f9135e4c3107951f77148

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      o.png

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks