General

  • Target

    44c7822ba8533955e01b7f81e773fe05.bin

  • Size

    1.6MB

  • Sample

    230721-bn867sbe67

  • MD5

    850a9c2936f20da5fc4241cc5bf2775a

  • SHA1

    9a8db356629656ff192cc621d7f01db1e08461db

  • SHA256

    357a21bb30ed9afe144a03490751a565d34b117b28b92e998f8d464809abc1fa

  • SHA512

    0ff9aaa6f32c53ee9f85f32848dc63087043fa056c947d14c6436ef7d00b769f28e787ae3decf067c90a578419628fc86580358a68df42dd5ed2db3ecbdec689

  • SSDEEP

    49152:2+uSYbQK8GOtHaR++PQvAOLowQ/Fo2GP6uoMoP2s:2r1r8FYI+ovm5oRPHoL

Score
10/10

Malware Config

Targets

    • Target

      d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1.exe

    • Size

      3.1MB

    • MD5

      44c7822ba8533955e01b7f81e773fe05

    • SHA1

      fbb531f50cdaa6a5fbb422f8081b800674e3577a

    • SHA256

      d1cbdab3bf09c371daec3e49d5422bbc62df1bdd98f073148d4abcca57d3e7c1

    • SHA512

      6bd6caffa80ac046bd254e1c05808a8d5f71afbe558f5d11a2c38d80fe448f3cb784f792ae2353a3901a531f4cf13188885881402b9db4779797f485ccb46a11

    • SSDEEP

      49152:lxl0H13A3ydeHyWm2CHI145+7IqvP+EJW:HodYRAI1oUIwP+OW

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
