General
-
Target
servs1758.js
-
Size
46KB
-
Sample
230708-kek8fseb5x
-
MD5
3bd312549cceba21dc4cb32b5c19f74c
-
SHA1
99c08363e3b712d3a23479074940b24571b022e7
-
SHA256
9d40fa0a7ed9fdfd098107b8339eb016f86b8d562cb78d2ef74175f39836252f
-
SHA512
5cc74decf65d9f0e79baf08503de8cbb756568cde97f5b50a204ca79de90a4cec6bc0a8b49fb5aa923709b6f660b6534d4f31fb8d33352fd450bbdb6c289a2f3
-
SSDEEP
768:cBAtdzzfVQpfm81MPfdVdjBmDV+ZjV1+yKgcVRpjTRdCqJOVFgC8y:TdzhQpfm81MPfdVdjc+j8yKpVRpjldkH
Static task
static1
Behavioral task
behavioral1
Sample
servs1758.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
servs1758.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://ecotree.co.in/images/cora.zip
https://ecotree.co.in/images/files/cora.zip
Targets
-
-
Target
servs1758.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-