General
Target: scan214.zip
Size: 14KB
Sample: 230601-sjfsjafc5y
MD5: 9c5891088c452eb9de33486a51df0513
SHA1: 94b90bdfcd517d2b1cc69754c731b03d814827d1
SHA256: 2d10ef76a67b2b9f230c13204accf044862d5b31a319654d24956f4e2be52216
SHA512: 382791da27a17f509133cbdcb57c805d2abe0bed6fdca5238923da39710fc5c3db2ac7f3add75ccd4e2234d963f090b4362ca664d2f3e15a0fcd68c012833586
SSDEEP: 384:Rlog6rFQOBn+7S0rHsYufDgcqhV4xkeqFf:YjrWOh+57sXfCZZ
Static task: static1
Behavioral task: behavioral1
Sample: scan214.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: scan214.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://www.snappyshop.it/img/index.php
Targets
Target: scan214.js
Size: 54KB
MD5: 732067e4491fc9ea850d2fa5b83c708b
SHA1: 30f586c210d4eb5705f15ddf7066a3d17cfc0faf
SHA256: d2ea16afc980ed80a65a99f283563bd8d3968c4d8b5584d2e21970f87c968f84
SHA512: 0ca73613e8c4ba945c33e314c2aeef93de3e8c0d28190c52fe89a2d1c7e212ffcb6171a36dbbe323aa4ccbb3099b6465812da8d5b2cd6b8c643497e9cf6cc11b
SSDEEP: 768:Xen3MttcVfNXh1rGMEPets+AB7YC6uSoyQgOKT:G8QRlJEPets+AB7LXSoyB
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application