General
Target: a5ed8f34dd77eb45dbc30306adccd4435273de45f5c78b18fc9f8653f4167bfa.unknown
Size: 18KB
Sample: 230519-drd7cadg6z
MD5: 7b37c4579a80d362ce580687ed2aaf10
SHA1: 84a7c93a2b215172c9603f140ec1540b2d5a0edd
SHA256: a5ed8f34dd77eb45dbc30306adccd4435273de45f5c78b18fc9f8653f4167bfa
SHA512: 40f7753b552973ef6de7c3506407ce27547fe43ada791915830cd11568f7ac3638317c284fcd89f5887d648f1efe6da786e5f89639299463f1aaceccda88d7a4
SSDEEP: 384:61UbTY1XNQZEQVl74hVElSxLYj/J8SpGKYTTUyc5/7fL5clkWng9Lwe9wo:61UfUXNQZp74YlStYj/J8SoKYTTUyc5n
Static task: static1
Behavioral task: behavioral1
  Sample: a5ed8f34dd77eb45dbc30306adccd4435273de45f5c78b18fc9f8653f4167bfa.vbs
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a5ed8f34dd77eb45dbc30306adccd4435273de45f5c78b18fc9f8653f4167bfa.vbs
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: a5ed8f34dd77eb45dbc30306adccd4435273de45f5c78b18fc9f8653f4167bfa.unknown
Score: 10/10
Signatures:
- NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext