General
-
Target
servs341.js
-
Size
48KB
-
Sample
230708-keltzseb5y
-
MD5
0f178103ae8d637b8797f24fc0301af8
-
SHA1
249e1a6866c74153824cb992792112f4ea2d2654
-
SHA256
df4d902f7da2a7da84e00f34ecda7924ad27f5fef1c5397a0bfd15618f6b4f70
-
SHA512
e543dac0568b12b3fc8bec617775b6a33e3b832a89f97deafeb0f292ca59bcbacd1763c1800a613a3f4aed47bd1de9c517c73e77bacc2a698d09f1658b96ebe7
-
SSDEEP
1536:v18cfWeYsbsHk1l11ViYvTbeCNa8DOcZCzzVH:v14XsbsE/txL7U+OcZA
Static task
static1
Behavioral task
behavioral1
Sample
servs341.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
servs341.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://ecotree.co.in/images/cora.zip
https://ecotree.co.in/images/files/cora.zip
Targets
Target
servs341.js
Score 10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-