General
Target: 4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.zip
Size: 2.3MB
Sample: 230321-r18n7sdd6y
MD5: 0b4aee48210787481ab8684f459a8573
SHA1: 2eab21b96a136ff2c9393cd671b6d64401fcf9d5
SHA256: c861e309bc11fdecd440b981d693e824cd67240d68a0d0d79b91887e1c64f492
SHA512: aaabb88f76545e444cbeb50210655f1d49e93918a357b0e70e49c9a86a3807689ebd1897b4d494ac582c0d2dcc33720353260dbb4f8baa0515e34ef96014a1f3
SSDEEP: 49152:dOxUjDzz6285KLObdoCzkauY8gTIVSh2OVlglyKz1/G1iSTyv:oxUjDzzCXbdoCAauIUVSh2UlglFz+iEM
Static task: static1
Behavioral task: behavioral1
Sample: 4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.exe
Size: 2.6MB
MD5: 92d8cace3f5be94d54700290a22b01ab
SHA1: 08feb65fdcd6a8284297461c1afced9f769134c9
SHA256: 4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173
SHA512: 85b86a20a3f52a347ee31f0cfd7f9a34f9a624ca07f5c94b4ad56841162a9d73606ee1f7ed85c065e3262b73616d1a2618f1c10f0ad483dd1884de1ca5c0b07c
SSDEEP: 49152:RJso4ozTdxkp92TMp2OX5yadksH1dSXnnGz2pU8E8SDJI4x:Reo5d6Ugp2IyadJH1dSXnGz2pU8Aaw
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Executes dropped EXE

Loads dropped DLL