General
-
Target
scan1574.zip
-
Size
15KB
-
Sample
230601-sjfsjafc5x
-
MD5
a7cbd0d50e9a83e769cac7e8a0718060
-
SHA1
721bbd702e1377c98d1a1a459d7354709b1f43f8
-
SHA256
70d4c1068ade759c371bf6d72411fdaf7d762cec34597b01d0c75042862aafc6
-
SHA512
9e2a164f12d80f1d67d07a9d1881b200d2f1a0f1673a15c213a7cbb0b783a5e80755017ac33cd367bbe274c7324725c3ab4e27d4a9636ebf58ee9cceb9cc8e98
-
SSDEEP
384:kb4ZHGqJt1PRKNxNPwQb3UJyr9fh+8sdByj1qnzQB4SdeM5:kb4ZHGqP1PRKNLYQbEJE56QV
Static task
static1
Behavioral task
behavioral1
Sample
scan1574.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
scan1574.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
-
-
Target
scan1574.js
-
Size
59KB
-
MD5
4e4fd19607b3c47da34ef4e6acff4572
-
SHA1
fc07676c88d957138913c0204a09cb62207de023
-
SHA256
39016be4624cfe65c113089e3de891559885e61a522331b3ff6a8af8f37b5fcc
-
SHA512
97669371f9969dc00a653619a5b334dd51627284553c148def0af105c4c49aa341bda7349ddecfced14f6ed7dddb88a2f0c48795f11d0d47d0cee4f2e8e7a330
-
SSDEEP
768:JwqnycCl05WgddGUO1iCykoQase1H6kDi:JHycHz0FvBSap
Score 10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-