General
-
Target
scan521.js
-
Size
58KB
-
Sample
230601-glv5fsch24
-
MD5
fb51c86fbd02d5765a0e9977d51dcaac
-
SHA1
46905318dc8cc24372633f2fe439f69d2b734182
-
SHA256
baa4c2b6e21ecd078a91ebf5d4c85c3507887c84a6a23e0cfda6034ac86abc27
-
SHA512
bd8a5dc83933386957376b9753d823c269805b72ea01149969c511578ac16bc804c81d586d6051bb21c930c9af2dc7fd5774470d69ce6c678309e23ac6350698
-
SSDEEP
768:DD9/AwHLQ+Y8p6PK7jJq0OV/c0Z/wcbBmCa:DpOopJ7jJEU0a
Static task
static1
Behavioral task
behavioral1
Sample
scan521.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
scan521.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
-
-
Target
scan521.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-