General

  • Target

    44c7822ba8533955e01b7f81e773fe05.exe

  • Size

    3.1MB

  • Sample

    230719-xlxw2saf48

  • MD5

    44c7822ba8533955e01b7f81e773fe05

  • SHA1

    fbb531f50cdaa6a5fbb422f8081b800674e3577a

  • SHA256

    d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1

  • SHA512

    6bd6caffa80ac046bd254e1c05808a8d5f71afbe558f5d11a2c38d80fe448f3cb784f792ae2353a3901a531f4cf13188885881402b9db4779797f485ccb46a11

  • SSDEEP

    49152:lxl0H13A3ydeHyWm2CHI145+7IqvP+EJW:HodYRAI1oUIwP+OW

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
