General
-
Target
05701599.js
-
Size
43KB
-
Sample
230601-t8kcpaff91
-
MD5
4dc2bd9d0559270278bec04742bce988
-
SHA1
7f782a9b9552e427cc65565d3bb21dc8106f649c
-
SHA256
5baad95720c7b6f77fa453a6575fbe81c3dd867b0b384d2c841c867c11e65916
-
SHA512
3d332488bc8b6baa31c3bdd38954898e104f9ce4af43d2e4222bfb9170a5583d53b94457906fdf4d3c312b254a0b3f917c167b094a708c1c93346cf4dad5a2da
-
SSDEEP
384:NHzG8qG4NvUFtzUN5LY0nMBe9dC07TiTcU6jJ2oOdVTpJfi/1M2PdJ8x5wGW:NHzG8qO3O9MBeE0nNIRdVvfitjdJ8fwD
Static task
static1
Behavioral task
behavioral1
Sample
05701599.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
05701599.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://mapla.com.mx/uploads/index.php
Targets
Target
05701599.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-