General
Target: fl1416.js
Size: 46KB
Sample: 230708-kej1dsdb58
MD5: ab83faeee057af8ebe3f5b37dbc4525a
SHA1: 01f3b2d594b1c3ad9f81b2a54dfa46a5c70ecf8e
SHA256: d275da6665f82019afc81940610ecb8e9fb700f6960503c96b306b944f697aef
SHA512: 30b7f671202b5d71aa3463f90b186e23b8be75ce17922a3445dbaf5a3b008b998789b17ff331be2a148f704015f29a717bfc02e8409b1979dedea17e42c9e311
SSDEEP: 768:GNG6d12fb7TDA0CcTZYc3JDDcK8twr9NvV3EtYGZC1cFwGS7H8puEXt7jJ:GY24fbDA0CIZYc3J0PoT1EyGZC1cFwGF
Static task: static1
Behavioral task: behavioral1
Sample: fl1416.js
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: fl1416.js
Resource: win10v2004-20230703-en
Malware Config
Extracted
https://turvavalaisin.fi/loco.zip
https://turvavalaisin.fi/files/
Targets
Target: fl1416.js
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL