General
-
Target
img499113656.js
-
Size
61KB
-
Sample
230525-sqr45sbe6v
-
MD5
dbbdc92ca62d36dceef0883b2da867ed
-
SHA1
5671539e582d08c0c589ba4ac1721af4ed6f71a4
-
SHA256
3c502bb5021338ef3778c4dd6ca43f9afa1fbda25e0f13a5d956482eae80ac11
-
SHA512
eec648e5c9218fe0b6faf9fa27c2b74ba95b1d4d2c0e91f70ed3b806ad37c566ea73dec2925c70be312d9cc867ea5cbaec2d0fe540693c69758f368fce7ed5a3
-
SSDEEP
768:P+UeULOhtYgty9w9CHwYjQiJsnnlrD9a5Ybgu1zD+SpJGgflJcCB1vnJrm6YkFf5:/eUL2tVWWCv07nlPMSgSzyS9tJvM/2
Static task
static1
Behavioral task
behavioral1
Sample
img499113656.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
img499113656.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://figocoin.it/auth.php
Targets
-
-
Target
img499113656.js
Score
10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-