General
Target: newf.dotm (a .dotm is a macro-enabled Word template)
Size: 17KB
Sample: 230418-xak34sdd55
MD5: 175722ba98f8f2715841c2c22026b7c8
SHA1: 23aab879b915d58e4f8eb8d1399d33963ce2ecb4
SHA256: 9969a0b62356c03aecf524ba69c136e675792b435eaf604c12dc5d36ed9c8aae
SHA512: e1be8ad4704ac71e2afc7d53f7273942f13446cbf31bbf40b2afc308209522298d32be3bfb3011dce224b39e335c77985c462aa7488280dc229299296cf6d425
SSDEEP: 384:tmtriu1E3VPxAYwmhr9BiNiC78QyRC6hIm6akwLWdxdIZYB3S:q11gpxAYFhTiNV8QyRp2akw6LIOw
Behavioral tasks
behavioral1: Sample newf.dotm, Resource win7-20230220-en
behavioral2: Sample newf.dotm, Resource win10v2004-20230220-en
Malware Config
Extracted URLs:
https://bitbucket.org/foxxlrep/repo/downloads/zip.zip
https://gold-fish.top/glazgo.zip
The first URL is a download path on a shared code-hosting service (which is what the "Legitimate hosting services abused" signature refers to); the second is a stand-alone domain. Both are payload download locations recovered from the sample's configuration, not necessarily the final C2.
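As an added example (not part of the report, and not the sandbox's own tooling) of how the hash and config fields above are consumed in practice: compute all four listed digests of a candidate file in a single pass and require every one of them to match, and split the extracted URLs into domains to block and exact URLs to block. Treating bitbucket.org as a shared host that must be blocked by exact URL rather than by domain is an assumption made here; the report itself only lists the URL.

```python
import hashlib
from urllib.parse import urlparse

# Digests and config URLs copied from the report for newf.dotm.
REPORT_HASHES = {
    "md5": "175722ba98f8f2715841c2c22026b7c8",
    "sha1": "23aab879b915d58e4f8eb8d1399d33963ce2ecb4",
    "sha256": "9969a0b62356c03aecf524ba69c136e675792b435eaf604c12dc5d36ed9c8aae",
    "sha512": "e1be8ad4704ac71e2afc7d53f7273942f13446cbf31bbf40b2afc308209522298d32be3bfb3011dce224b39e335c77985c462aa7488280dc229299296cf6d425",
}
CONFIG_URLS = [
    "https://bitbucket.org/foxxlrep/repo/downloads/zip.zip",
    "https://gold-fish.top/glazgo.zip",
]
# Assumption (not stated in the report): hosts that are legitimate shared services
# and therefore must be blocked by exact URL, never by domain.
SHARED_HOSTS = {"bitbucket.org"}


def digest_stream(chunks):
    """Hash an iterable of byte chunks with every algorithm the report lists,
    reading the data only once. Returns {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests):
    """Return (is_match, mismatched_algorithms). A file is accepted as the
    reported sample only if all four digests agree; a lone agreeing MD5 or
    SHA1 is not treated as a match."""
    mismatched = sorted(
        name for name, expected in REPORT_HASHES.items()
        if digests.get(name, "").lower() != expected
    )
    return (not mismatched, mismatched)


def check_file(path, chunk_size=1 << 16):
    """Compare a file on disk against the report without loading it whole."""
    with open(path, "rb") as f:
        return compare_to_report(digest_stream(iter(lambda: f.read(chunk_size), b"")))


def blocklist_entries(urls, shared_hosts=SHARED_HOSTS):
    """Split config URLs into domains to block outright (attacker-controlled)
    and exact URLs to block (paths on shared, otherwise legitimate services)."""
    block_hosts, block_urls = [], []
    for url in urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or not host:
            continue  # skip malformed or non-web entries rather than guessing
        if host in shared_hosts:
            block_urls.append(url)
        elif host not in block_hosts:
            block_hosts.append(host)
    return {"block_hosts": block_hosts, "block_urls": block_urls}


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        ok, bad = check_file(p)
        print(p, "MATCHES report" if ok else "differs (" + ", ".join(bad) + ")")
    print(blocklist_entries(CONFIG_URLS))
```

Run it with one or more file paths to see which files are byte-identical to the reported sample; `compare_to_report` deliberately reports which algorithms disagreed, so a sample that matches on MD5 alone (a collision or a truncated copy) shows up as a mismatch rather than a hit.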
Targets
Target: newf.dotm (17KB)
Score: 10/10
Signatures
NetSupport: NetSupport is a remote access tool sold as legitimate system administration software. Its presence is not malicious in itself; what drives the score is the delivery chain below, in which a macro-enabled template drops, runs and persists it.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro. The report does not name the parent, but for a .dotm the macro host is Word.
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application (the report does not list the value written)
Legitimate hosting services abused for malware hosting/C2: the extracted config points at bitbucket.org, so a domain-level block would also cut off legitimate traffic; block the exact download URL instead.
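The signatures above are behavioural, so confirming this sample on a real host means looking for the same pattern in endpoint telemetry. The following is an added example (not part of the report, and not the sandbox's own signature logic) that implements three of the listed signatures as checks over process-creation and registry events. The events are constructed; the process names, paths and the simplified Sysmon-like field layout are assumptions, as is the choice of Office hosts as the "compromised parent", which the report does not name.

```python
import ntpath

# Assumptions (the report names no processes, paths or registry values):
# the compromised parent is an Office host, since newf.dotm is a Word template,
# and "dropped" binaries live under user-writable directories.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

# Constructed sample telemetry in a simplified Sysmon-like layout; not from the report.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 101, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process", "pid": 102, "ppid": 101,
     "image": r"C:\Users\victim\AppData\Roaming\svc\update.exe"},
    {"type": "registry", "pid": 102,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "update"},
    # Benign control: a per-user installer launched from Explorer must not fire.
    {"type": "process", "pid": 200, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 201, "ppid": 200,
     "image": r"C:\Users\victim\AppData\Local\Programs\editor\editor.exe"},
]


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()


def build_tree(events):
    """Map pid -> process event so parents can be resolved by ppid."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def ancestors(procs, pid):
    """Walk ppid links upward; stops at unknown parents and guards against cycles."""
    seen, chain = set(), []
    cur = procs.get(pid)
    while cur and cur["ppid"] in procs and cur["ppid"] not in seen:
        seen.add(cur["ppid"])
        cur = procs[cur["ppid"]]
        chain.append(cur)
    return chain


def evaluate(events):
    """Return {signature: [pids]} for the three signatures implemented here."""
    procs = build_tree(events)
    hits = {"office_spawned_child": [], "executes_dropped_exe": [], "adds_run_key": []}
    for pid, proc in procs.items():
        parent = procs.get(proc["ppid"])
        if parent and basename(parent["image"]) in OFFICE_HOSTS:
            hits["office_spawned_child"].append(pid)
        image = proc["image"].lower()
        if image.endswith(".exe") and any(d in image for d in USER_WRITABLE):
            # Count it as "dropped" only when an Office process is somewhere in its
            # ancestry, so per-user installers started from Explorer are not flagged.
            if any(basename(a["image"]) in OFFICE_HOSTS for a in ancestors(procs, pid)):
                hits["executes_dropped_exe"].append(pid)
    for e in events:
        if e["type"] == "registry" and e["key"].lower().endswith(RUN_KEYS):
            hits["adds_run_key"].append(e["pid"])
    return hits


def fired(hits):
    """Names of the signatures that matched at least one event."""
    return sorted(name for name, pids in hits.items() if pids)


if __name__ == "__main__":
    result = evaluate(SAMPLE_EVENTS)
    for name, pids in result.items():
        print(name, pids)
    print("fired:", fired(result))
```

The ancestry walk matters: the dropped executable is started by cmd.exe, not directly by Word, so a rule that only inspects the immediate parent would miss it, while the Explorer-launched installer under AppData stays clean because nothing in its chain is an Office host.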