General
Target: 1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.zip
Size: 1.9MB
Sample: 230321-r17rxadd6w
MD5: 4b944ac213a7895bfa97c3bfcff5920c
SHA1: 70aa791d5dd6f886de792be0892000dbcb01cf0d
SHA256: 35774bb1a084ba481f16c1c1a69e2d4fd489dcb4fc85c06b6dff01f11efe6d37
SHA512: 8116a61803262749b346b50fc8db4af3f3943f1399f87f14121e816f29cc00b66d80ab6be5163bb843c68508c2831243ffcd0c4fc09197b97e20ff67b0c09680
SSDEEP: 49152:gMrV2EOkppKLRKUwzQcfjin4Ma+5PYI6WWV+Ho:gMrVjp8LTwRfWnq+dOW0d
Static task: static1
Behavioral task: behavioral1
Sample: 1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.exe
Size: 2.1MB
MD5: 310eb005787e74125cfd19988396e36e
SHA1: 4e59dac1c9873b6218bb55e95f26ac33ef05f140
SHA256: 1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb
SHA512: 1fb5e1781b3835b2ebd19d671c12433881d0ab6116983a169317456a47b02ddae74c87c3268729e59da26fff87406e60b2ccde0c27363c97c8132ecaa0eabbbd
SSDEEP: 49152:ETHPKCtf0EkHbG+c6cjeroadWogH6wW5eLkDwC6Gtu:ETiCtfsc2rECe+7u
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Drops startup file
Executes dropped EXE
Loads dropped DLL