General
-
Target
ave6119jsjsjsjsjsjsjsjsjs.js
-
Size
48KB
-
Sample
230709-sy9ddsdg86
-
MD5
55843871939bed9cad5acd5fba556736
-
SHA1
178c0a04d0ff6c2bb2baa1e5e241f3028198b935
-
SHA256
c4a3d1cec5bac2e0f1eb4671633ee0650b07831004130bd1d76c503655d2d26f
-
SHA512
a172c45060209c9ee5afd1348ed346a3c1de41f4b75b7ae4f58c9f0ae0f1782dbc0d5bf4e45c977b74bdecdf11f569203861ccba4526bb2a21c18734c673a6e3
-
SSDEEP
1536:nb1OUBLsGy18tV+FKnU7rkGsBWOnK5/YP2ay++o:nb1lwaH+FKZGsBNnK5/YPeVo
Static task
static1
Behavioral task
behavioral1
Sample
ave6119jsjsjsjsjsjsjsjsjs.js
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
ave6119jsjsjsjsjsjsjsjsjs.js
Resource
win10v2004-20230703-en
Malware Config
Extracted
https://virvatulishop.com/labda.zip
https://virvatulishop.com/files/
Targets
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-