General
Target
virus11.ps1
Size
14KB
Sample
210503-n75z3xk872
MD5
102f6e180a2f67c7cff24e4e47e319e3
SHA1
413906407b384e6a2221c31631271686dd4dc8fd
SHA256
1ec71f936075a6b54858d0ca24538bfe6e74c1f37eec5d9ee065f5ebe12d5ab5
SHA512
589f74c995c9277a54b63b9d7111afd7f85aa535e4b99f02710c8ce333364a4cfd79019809814706de8cdcb88b95c14292c69c1e3a42154e08e4363fd7400128
Static task
static1
Behavioral task
behavioral1
Sample
virus11.ps1
Resource
win7v20210410
Behavioral task
behavioral2
Sample
virus11.ps1
Resource
win10v20210408
Malware Config
Extracted
https://cutt.ly
Targets
Score 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2