General
Target: rechn5130415.js
Size: 48KB
Sample: 230519-ql8j8agg9y
MD5: 5618fad2dd16924e681e15c089f59d1c
SHA1: d8ac2ec10f7caadc706763c98d19953f3f17e6d8
SHA256: 1fb5b7043cdc3f8a5344b172ffa0398df3c295b5c490c6da0b43bf200522cd0d
SHA512: ae7e52c7d99bc9e11cacfa8dc3fa55873d4217d964c5306cf918ff33eb2e33c23e14e4cb062648f3cecd98ac104857b3dc18bfa22ef88cce9785be6447b9de54
SSDEEP: 768:dhsmqfMvHGpK5Lqm4L/f/O8VFwL7f6/MVRPXD+rDpozmCRQtRjRWm0u:dhx5fGpKgmC/+8MWsR7+rjCR6lWm0u
Static task: static1
Behavioral task: behavioral1
Sample: rechn5130415.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: rechn5130415.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://ridersintl.org/vincent-sewe/f1.ps1
Extracted
https://macayaywaak.cl/sistema2/variables.php
Targets
Target: rechn5130415.js
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-