General
-
Target
1f681f268081de803775afa4b9132604.js
-
Size
632KB
-
Sample
230519-d7estafa52
-
MD5
1f681f268081de803775afa4b9132604
-
SHA1
26af1aa7c8964622d5f14519dd25209418dd5e0d
-
SHA256
30831ca307d5113558cb320f0218bf1223ccf516d6216835c0706e716504c0d9
-
SHA512
e88a2aeb6a66f32bc71e892a8519207361a7c45d52076308e2e876ab9feb1180cb65f9b24f0ce7d1b940ac85cfca166ba4e1def0eeb5ddaf490559d0766446c1
-
SSDEEP
3072:lXV8KmbzPiG9V7lRypHuntQAvgFSTKzRADiR8OuM65j9DGRo2CTxfpIcM1iDKsGg:YvF9WIlB
Static task
static1
Behavioral task
behavioral1
Sample
1f681f268081de803775afa4b9132604.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1f681f268081de803775afa4b9132604.js
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
1f681f268081de803775afa4b9132604.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-