General
-
Target
servs2508.js
-
Size
46KB
-
Sample
230708-keh34adb55
-
MD5
fa059b3389ea111fd8cb6461a18ba0e5
-
SHA1
018ef250427f5b00ddd8e1fa7329185aa3d302a1
-
SHA256
8fbe2784cef7404afbb504a8e5259fdcd87ff3bb507561d54973117b1b4a37e8
-
SHA512
cee84132f2805ca249c16ef52d9692d30633b26de2ddbee5c1f976821819e93cea52489405d3bb07260b1908827d17b41006e2d4fa9bd15b935ede2578fb6653
-
SSDEEP
768:0swecKSf0MTLBAZvA7otTjxqQ+soTqKxpg+ljPPjD8wpzu0j9HBN/ca9BM56kyRg:0swpKiTLBSvEsTdqgo9x2+ljXjfzDjlC
Static task
static1
Behavioral task
behavioral1
Sample
servs2508.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
servs2508.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://ecotree.co.in/images/cora.zip
https://ecotree.co.in/images/files/cora.zip
Targets
-
Target
servs2508.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-