General
-
Target
scan885.zip
-
Size
12KB
-
Sample
230601-qdfjgaeg4v
Static task
static1
Behavioral task
behavioral1
Sample
scan885.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
scan885.js
Resource
win10v2004-20230221-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
Target
scan885.js
-
Size
43KB
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-