General
Target: ave6608jsjsjsjsjsjsjsjsjs.js
Size: 48KB
Sample: 230709-tqgh3sfb3z
MD5: 493f69ec7712ffa62e867ad4d1782032
SHA1: d1793f4c3c1a4edeb6f733357ca8905e6fa384c9
SHA256: 2b04eb3c0f95ecd1e2a5b74275d82ce3d92f8b153774a59fb7243d39b1b56ae9
SHA512: 1bddaa72265811bfda643596cb6bc211a07f9687d9f5cc21a10c9cff362da4d8f013328a5e484557f7559fa60434f39087d611dfcf54fe7e8abf4fd2cd836a09
SSDEEP: 768:mj+yH/l9fdyDlNT4kBPZT3ezR++ag4yuCdIfqMrWVE0rZj4P/T:myyH/ndyDlNT4mPlu+BOuKIfqYgZjyT
Static task: static1
Behavioral task: behavioral1
Sample: ave6608jsjsjsjsjsjsjsjsjs.js
Resource: win7-20230705-en
Behavioral task: behavioral2
Sample: ave6608jsjsjsjsjsjsjsjsjs.js
Resource: win10v2004-20230703-en
Malware Config
Extracted
https://virvatulishop.com/labda.zip
https://virvatulishop.com/files/
Targets
Target: ave6608jsjsjsjsjsjsjsjsjs.js
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL