General
-
Target
servs2640.js
-
Size
46KB
-
Sample
230708-keqsyaeb6s
-
MD5
4c62c6a8e0c9cd145ca0aa98d48a8f49
-
SHA1
dd59c92ad4e81ba848cd5fa443d184cb40a9d16e
-
SHA256
b8686d667af55f779c7a64a334c9486af48998411cef6b6be46bcbd9150e019b
-
SHA512
90e3848554384e17e20f52fe41a8694d178bd1bb42a486c147138b51ec1dd2990bc5ff0deacc225759b9f6ca33f372450f8cba79e716d072674699e90e8f0344
-
SSDEEP
768:YHKA9SzXkvGj+uVtN6HwzkvZbW/us+1bMUWwMrA0HTwkbbOZhp1Io5Lex:YHOzXkvenN6HwgRK/h+Kj/A0fyZh7Iai
Static task
static1
Behavioral task
behavioral1
Sample
servs2640.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
servs2640.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://ecotree.co.in/images/cora.zip
https://ecotree.co.in/images/files/cora.zip
Targets
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-