General
Target
64704bebce64f.ps1
Size
2KB
Sample
230526-hqx1aaeg7t
MD5
307d3a6c607858692ae50922a077bc1d
SHA1
d7f97b7dc75f2a81fb521450de41596b71c797a7
SHA256
a327e8a5d5a9d9a0384555b354d2a7d4532f078dc1884706d2e2b4e524042982
SHA512
c249c420f63b69fa39447c11075add27372d9ff6bfca969b4915e26c2e2234ddb77309c45c305a185351c277956ec54fd0d208cd3d657683e33f87699ef2011a
Static task
static1
Behavioral task
behavioral1
Sample
64704bebce64f.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
64704bebce64f.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://figocoin.it/auth.php
Targets
Score
10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application