General
-
Target
HysdbshdFGy.hta
-
Size
1.2MB
-
Sample
230719-sa6mlaha44
-
MD5
70407316ddc26070dfac13bb1e9eafbe
-
SHA1
d874b9959920a0666e25ad50a4a16b1f3549f752
-
SHA256
b983a17b372dd6db0a9815bb6632179702db622e752f3f69a9ab34b2ef76f995
-
SHA512
28e9f8e1243a52418f01e66aee19a6388c59c6b910703b7326ac4933b97ad43e8b2691e57f7f5796fa3dc02ba3b5c8e3e49a1d0bf32271569fc2042473b02826
-
SSDEEP
6144:7FrYbbk9QBeHIAjz9meEId/Rc/44A+HoTpTW:7Fr6i9y
Static task
static1
Behavioral task
behavioral1
Sample
HysdbshdFGy.hta
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
HysdbshdFGy.hta
-
Size
1.2MB
-
MD5
70407316ddc26070dfac13bb1e9eafbe
-
SHA1
d874b9959920a0666e25ad50a4a16b1f3549f752
-
SHA256
b983a17b372dd6db0a9815bb6632179702db622e752f3f69a9ab34b2ef76f995
-
SHA512
28e9f8e1243a52418f01e66aee19a6388c59c6b910703b7326ac4933b97ad43e8b2691e57f7f5796fa3dc02ba3b5c8e3e49a1d0bf32271569fc2042473b02826
-
SSDEEP
6144:7FrYbbk9QBeHIAjz9meEId/Rc/44A+HoTpTW:7Fr6i9y
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-