General
-
Target
servs3029.js
-
Size
46KB
-
Sample
230708-keklxsdb62
-
MD5
8c7ed7c3fb5379123ad345e1021dfc1d
-
SHA1
9066835dbd6a3f4929da0f9a854315280ae105e3
-
SHA256
d5f31838190076f9513334c1d93775aae4449c42cfdb4f8e7a09051ff723d73e
-
SHA512
476136e14bbc19fdc4179346d47122d3d6805a1ec2b11c97cd8464d727db0aa9eb250159e4fb586c0253090f61e3cb44e63313b894202375f7c08caa67e9e0fe
-
SSDEEP
768:Vdmk5/tv6rGShaGwy+9xgWuNDJ1lVD5NILRHz2Jigw/Gq6QtDkBbAzeyDvV4XD++:VdnxtveGShas8gDXNHILRKFw/N6QR0bB
Static task
static1
Behavioral task
behavioral1
Sample
servs3029.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
servs3029.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://ecotree.co.in/images/cora.zip
https://ecotree.co.in/images/files/cora.zip
Targets
-
-
Target
servs3029.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-