General
Target: scan1668.js
Size: 54KB
Sample: 230601-t8sztsfg2w
MD5: 0b9b45c634d98c7e358f7b614b76f034
SHA1: cdfcae13ea348a6a87f59229c6876024a059df0e
SHA256: 4cb8001258b4ff9004a96d580acab1b8c4826a00135d527ac284ef3c8c17af15
SHA512: ad501f5bd6a194a6c681d555a2946ebbe6dec09d1db3795b0a3da1c514029ce528d3b15b39d896b0ed044abdb2145abb4d3545190d0815a2a38e8ed5afb4c396
SSDEEP: 768:U+flJ8A4Aczyny8KMkBpxaRh3/cfJkZwzxqTKlr8cqL4RdvEjG:dr2BfpvzMTKMc3vQG
Static task: static1
Behavioral task: behavioral1
Sample: scan1668.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: scan1668.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://mapla.com.mx/uploads/index.php
Targets
Target: scan1668.js
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application