General
-
Target
Notice_28_03.js
-
Size
103KB
-
Sample
230328-zz17qsdd32
-
MD5
b9da8653e321915751bf80f81d155073
-
SHA1
4c2a9f0e3f6d91455f88b17e57e32e63441125b3
-
SHA256
874c7009065beaabbe041c6df1e203dcc731f2f40438d58cb5e43e12d8975631
-
SHA512
c70cb8147576418b7f9bf248c1273518735eb7a77d38c230177c9906cee6d9397ba7681b55625d72bc420756b3cd9df557dd1278d43da2f45967b00cf40c4d3b
-
SSDEEP
1536:x+m1NLAKBoA5dE/woQs7AdjpGT1YsNfWBGSttVtmF7LHAmsbNbq:xTc6vdw1A1U7LAms4
Static task
static1
Behavioral task
behavioral1
Sample
Notice_28_03.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Notice_28_03.js
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Notice_28_03.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-