General

  • Target

    Privatbank_04_06_2025_478.js

  • Size

    6.3MB

  • Sample

    250605-hrjjaatmt2

  • MD5

    02f3168c46b288624c86a1e294178afd

  • SHA1

    3e68cabbf5f70c76e9bed16bd3e8a2a95c266844

  • SHA256

    f128968908beb38a21b2bf74116d1eff5c468fa41321cbc34a2fa7bf35357632

  • SHA512

    3e9a3ed2ce372d3c86a88fd113030d1a3ed5029c64f6b1b7aa514d0f92a86cba5ee681229613cc23a555589b4fd52bbd225b11d44de3cfaf4dd41c21114b04f4

  • SSDEEP

    49152:oZc5mjfM16ThMjjrFs6kSQ+iVV8qaz+1F3jIcgQuFTYlz0R7xxR3Ioxt6ZQSD9ln:i

Targets

    • Target

      Privatbank_04_06_2025_478.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
