General
Target: 5334206550235.zip
Size: 1KB
Sample: 220907-tjaryshgdp
MD5: 816a8c5178c108d6428aabe41afadc04
SHA1: 65c41f36ef4a02459c6f851e4d33aff0ca15ffc0
SHA256: 7240e18c3a648a5c8f8c9154c67f8aeb6f3e158efd616dea7e648117db056d25
SHA512: c4e2c59b4fa90386eb6778176e613cb8aee746def2aac66de3df8b92ce7edc1aa8e0c0c4246982c20c53ec5fb48398645a720a3c1e90c366e874138bdbf786c5
Static task: static1
Behavioral task: behavioral1
Sample: 5334206550235/5334206550235.doc
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 5334206550235/5334206550235.doc
Resource: win10v2004-20220901-en
Behavioral task: behavioral3
Sample: 5334206550235/5334206550235.lnk
Resource: win7-20220812-en
Behavioral task: behavioral4
Sample: 5334206550235/5334206550235.lnk
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 5334206550235/5334206550235.doc
Size: 13B
MD5: 3e8b2bca43b13d7da07d14c6852d43d9
SHA1: 6f11c80c2015efb519cc4f5d8b066feaddd2ceaf
SHA256: 35a2b9e0e3629c9a4acee07fa39f850268b291f552f1bfd1fec68772d32d17fc
SHA512: 1a26f6778ec7bab26bb833bd538dda8d38cd93ce2d7908ec929896fe0d573a25f0aae38de4c5aab2edc7e74cb6ec9ea18a067e4109adf8ef53fe23573b10793e
Score: 4/10
Target: 5334206550235/5334206550235.lnk
Size: 1KB
MD5: af0332822932a50423ee56f4c5e86d48
SHA1: be147be6cb2535d016fa070272e8ebf668590b0c
SHA256: 4ebafd6788be403f087f05295c8d873241b064415015eebbee27958c24fc10e1
SHA512: 31fd6abc3c471ae1ed18f911d58080c720e9a59a927ad1af46f239e69545ea27f5a4ddee875681a2573558dcf3787bd47a0214547ece9db2f9fe1faf6f08a3ab
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application