General
-
Target
scan362.js
-
Size
60KB
-
Sample
230601-tr7fwsfe8z
-
MD5
be2084431124f972feebb754b22ae1d0
-
SHA1
345b249939e65af27af345808eb0b659ec001d83
-
SHA256
0b6acae5752405446505b8302434cc7f17af5801cb0d3f1455c9bf446009f650
-
SHA512
9bbf7a858b7fa13c0298edc1cb4821897398fa8534358a04d1dd84872955392a11daceabc438997caa2de3cf2a0530c3bbf1cf95c9eebd2d2eac5850dc6b04cc
-
SSDEEP
768:2QWZXjJuA5N5/UNXV6EclQWr0zda07eBAL+juQeFdg:IZCWmzYKl+jSg
Static task
static1
Behavioral task
behavioral1
Sample
scan362.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
scan362.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://mapla.com.mx/uploads/index.php
Targets
-
-
Target
scan362.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-