General
Target: scan1668.zip
Size: 14KB
Sample: 230601-vjh9rsfd97
MD5: e1e6652b907df9532e2a45e9e4ef37dc
SHA1: a2cbba192acd5f279243da82c522400e36524f74
SHA256: 95b92991ba4f4d6d9f311d1a2c1be5aefda3747218c3ca95d9dc09464cfd72c8
SHA512: 0b73ab8b9bb2f3c0629a62b532eae16e61c32d079d412025556660bc7d48f3a33c41b6eb5c88be926543026851f507fc5fbe580632d5bb2778b8530e890e5bad
SSDEEP: 384:7WuIIPC10a6C5FQ01ynl0Y/OLXC98xeXj+1iBXfLDXLkS3:7iI6aa6wFQjnl0G8xeXj+sBvHXo2
Static task: static1
Behavioral task: behavioral1
Sample: scan1668.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: scan1668.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://mapla.com.mx/uploads/index.php
Targets
Target: scan1668.js
Size: 54KB
MD5: 0b9b45c634d98c7e358f7b614b76f034
SHA1: cdfcae13ea348a6a87f59229c6876024a059df0e
SHA256: 4cb8001258b4ff9004a96d580acab1b8c4826a00135d527ac284ef3c8c17af15
SHA512: ad501f5bd6a194a6c681d555a2946ebbe6dec09d1db3795b0a3da1c514029ce528d3b15b39d896b0ed044abdb2145abb4d3545190d0815a2a38e8ed5afb4c396
SSDEEP: 768:U+flJ8A4Aczyny8KMkBpxaRh3/cfJkZwzxqTKlr8cqL4RdvEjG:dr2BfpvzMTKMc3vQG
Score: 10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-