General
-
Target
44c7822ba8533955e01b7f81e773fe05.exe
-
Size
3.1MB
-
Sample
230719-xlxw2saf48
-
MD5
44c7822ba8533955e01b7f81e773fe05
-
SHA1
fbb531f50cdaa6a5fbb422f8081b800674e3577a
-
SHA256
d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1
-
SHA512
6bd6caffa80ac046bd254e1c05808a8d5f71afbe558f5d11a2c38d80fe448f3cb784f792ae2353a3901a531f4cf13188885881402b9db4779797f485ccb46a11
-
SSDEEP
49152:lxl0H13A3ydeHyWm2CHI145+7IqvP+EJW:HodYRAI1oUIwP+OW
Static task
static1
Behavioral task
behavioral1
Sample
44c7822ba8533955e01b7f81e773fe05.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
44c7822ba8533955e01b7f81e773fe05.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
Target
44c7822ba8533955e01b7f81e773fe05.exe
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-