General
-
Target
5073invcomp5073.js
-
Size
59KB
-
Sample
230601-lnmy3sde64
-
MD5
5027f10af3caf0ebe1ffa71b3adf89f1
-
SHA1
15530989f5509119ea837caf74f4a21206462848
-
SHA256
9321af78c8bd098beaf2fabc232f510b27672270f7e1bb455c4a6a530fd41647
-
SHA512
a09ae60cdc142e86b62b81061c79310f281001cf364578756b3f30d27e37e51e12dea57d97c477b1672a646bfa47e67ed8aa70177956e2d04ba4c6b3882ff60e
-
SSDEEP
768:aRG3vSb0kbrdaL1jsrpvnvdkKmS2na42AbJTh0jswz7AL0gboVC:as3vM06VkiiaJAVTh/LZbcC
Static task
static1
Behavioral task
behavioral1
Sample
5073invcomp5073.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5073invcomp5073.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
-
-
Target
5073invcomp5073.js
-
Size
59KB
-
MD5
5027f10af3caf0ebe1ffa71b3adf89f1
-
SHA1
15530989f5509119ea837caf74f4a21206462848
-
SHA256
9321af78c8bd098beaf2fabc232f510b27672270f7e1bb455c4a6a530fd41647
-
SHA512
a09ae60cdc142e86b62b81061c79310f281001cf364578756b3f30d27e37e51e12dea57d97c477b1672a646bfa47e67ed8aa70177956e2d04ba4c6b3882ff60e
-
SSDEEP
768:aRG3vSb0kbrdaL1jsrpvnvdkKmS2na42AbJTh0jswz7AL0gboVC:as3vM06VkiiaJAVTh/LZbcC
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-