General
-
Target
notepad3285.js
-
Size
45KB
-
Sample
230708-kel5raeb5z
-
MD5
5b8f7f144d4b0d6acc2e32350461f555
-
SHA1
4295d3f4b7cf96051842be8b3e946c1c4b568a0a
-
SHA256
1ee2ad7b70f34878d0bf1122fb34603ebe6723e5773412a0be8c0577309a8cc0
-
SHA512
f8800633d94edbc74dbbad925ccca28d565eded522fdada91b15bf30c35bc27b511bc0c8c948cfdd31a5483a999eb468b01f21b72b43eb9c0daa44b10ba71f6a
-
SSDEEP
768:qhDWXgAYSt91THAmMiHA3HfLjgRtXwOfDVSFKgQZPrnQ/i:qhSXgtSt91TtDMHffgRFVSFKgur
Static task
static1
Behavioral task
behavioral1
Sample
notepad3285.js
Resource
win7-20230705-en
Behavioral task
behavioral2
Sample
notepad3285.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://virvatulishop.eu/costa.zip
https://virvatulishop.eu/files/
Targets
-
Target
notepad3285.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-