General
-
Target
06964299.js
-
Size
54KB
-
Sample
230601-sdlrlafb9s
-
MD5
732067e4491fc9ea850d2fa5b83c708b
-
SHA1
30f586c210d4eb5705f15ddf7066a3d17cfc0faf
-
SHA256
d2ea16afc980ed80a65a99f283563bd8d3968c4d8b5584d2e21970f87c968f84
-
SHA512
0ca73613e8c4ba945c33e314c2aeef93de3e8c0d28190c52fe89a2d1c7e212ffcb6171a36dbbe323aa4ccbb3099b6465812da8d5b2cd6b8c643497e9cf6cc11b
-
SSDEEP
768:Xen3MttcVfNXh1rGMEPets+AB7YC6uSoyQgOKT:G8QRlJEPets+AB7LXSoyB
Static task
static1
Behavioral task
behavioral1
Sample
06964299.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
06964299.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
-
-
Target
06964299.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-