General
-
Target
44c7822ba8533955e01b7f81e773fe05.bin
-
Size
1.6MB
-
Sample
230721-bn867sbe67
-
MD5
850a9c2936f20da5fc4241cc5bf2775a
-
SHA1
9a8db356629656ff192cc621d7f01db1e08461db
-
SHA256
357a21bb30ed9afe144a03490751a565d34b117b28b92e998f8d464809abc1fa
-
SHA512
0ff9aaa6f32c53ee9f85f32848dc63087043fa056c947d14c6436ef7d00b769f28e787ae3decf067c90a578419628fc86580358a68df42dd5ed2db3ecbdec689
-
SSDEEP
49152:2+uSYbQK8GOtHaR++PQvAOLowQ/Fo2GP6uoMoP2s:2r1r8FYI+ovm5oRPHoL
Static task
static1
Behavioral task
behavioral1
Sample
d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1.exe
-
Size
3.1MB
-
MD5
44c7822ba8533955e01b7f81e773fe05
-
SHA1
fbb531f50cdaa6a5fbb422f8081b800674e3577a
-
SHA256
d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1
-
SHA512
6bd6caffa80ac046bd254e1c05808a8d5f71afbe558f5d11a2c38d80fe448f3cb784f792ae2353a3901a531f4cf13188885881402b9db4779797f485ccb46a11
-
SSDEEP
49152:lxl0H13A3ydeHyWm2CHI145+7IqvP+EJW:HodYRAI1oUIwP+OW
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-