General
- Target: b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.zip
- Size: 28.9MB
- Sample: 230321-r1972abc85
- MD5: 9b773102e5bbe6f9a397497cb69a11cb
- SHA1: ad15369ea7aec1537af0edcbe055d8c547a330ea
- SHA256: d6d58703b0ea83394d28fa0b31105ce5f0295b980563df1c085c4895245b79c1
- SHA512: bc750334ea354b85fdca4c57116b74c240060c652c2d9a7b95a298be14cc683849f2171c79e282bf0187520424752c39d3bb3ffe27c5285aab2587e0f8d83afe
- SSDEEP: 393216:OAyqBB5t4S4F9l0B6gXaTTkMvVTI+iTeQlK7kcNSjJbFFBGKXxA0fXzeEbmZZYN4:OGB5Ot9lb/TnX69FnH1jtk+DM
Static task: static1
Behavioral task: behavioral1
  Sample: b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe
- Size: 29.4MB
- MD5: 992cb6d6a567d2ba4e625e8130be7fc3
- SHA1: 627eebe02f4dfb7d7c0b958e3a15afad5bfd042a
- SHA256: b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794
- SHA512: f49d524ab142c514847d03cca5cbf53394d2be6950ef00252469fe4c96196b7091cd64d6b472deb1ab29e81e16ac9bbb685a99ef65e4ee5420f7dd43fe3cf474
- SSDEEP: 786432:gHoURM0Ldpd6p5jXz/9RoQxqVTQyYGoO7IpbM9Mep:gnhp45Dz/92kyoO7MBs
- Babadeda Crypter
- NetSupport
  NetSupport is a remote access tool sold as legitimate system administration software.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.