General
-
Target
scan1324.zip
-
Size
14KB
-
Sample
230601-wn6fjaga51
-
MD5
81d4285640c04320de50fe678d6a1042
-
SHA1
38c5f8b3d8799bda727835cda8afdac2f46e7bdf
-
SHA256
f335859efbbb94db2933e6094b237f3d3e5fd2091f328663a68c1f1d49ad0684
-
SHA512
7660c27c6083c6dc2dbb1406adbead220d3dc3487d06049bdc611645cbaf06f46001350b17411b07ea1628396d81caa31c2308cd1e2f2c2ba6cde92036900ddb
-
SSDEEP
384:9H7JjGoL72lCnB6+tla959WaKxEO9bLbVHB0ed:tJjGo/hlEkG0b3VHB0c
Static task
static1
Behavioral task
behavioral1
Sample
scan1324.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
scan1324.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://mapla.com.mx/uploads/index.php
Targets
-
-
Target
scan1324.js
-
Size
53KB
-
MD5
94bbb84781d2e4adfa6265c870631230
-
SHA1
7a861962fa4287f265472f20a493bb1978cd96c4
-
SHA256
f4a82b0c21cf032172b2ae37ee20279a72f12f02ecc3f9dd6c743ebe11c22891
-
SHA512
3d6fa9e31f6478dbf99cfb702c94168c529e1a182efb40067621e611c8b959a81f3b9f343bda3c6bc5b93a76b660e7a42219253a7a5aa6e0858e3c8326e8c1c7
-
SSDEEP
768:Sjze8k8z9wKdnMk1PbTVdiNccvKV4Sb1M1MQoy9:az9JNX1n6rveMOdy9
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-