General
Target: 1907.zip
Size: 2.1MB
Sample: 230721-eqhzksbh87
MD5: 7d89fee6e4533724bb9cca107266594c
SHA1: 3f3c711f5e0d8f83b192f1ac477663996244fc82
SHA256: bb47465a7fce534905ffcecd45e01439e75e2057f62b7026fc526cf3dd93899b
SHA512: c6fe2704041aaff237a2203074a9667769240b599ade910cadfa3c7ff80d0ff4ce565193fa7d44bf1454b7d49a1c3bee9164f491fea64ad9083db8bf4636d2aa
SSDEEP: 49152:zadcHZ2vRMmi9+s9vVaQj17Q2bqfekSVpKAyWgpfZ4rEna3DQDdlVe5PWZ5FvcB+:+d4YvRDi9+sXbWmkSblaardDUdbAP+U+
Static task: static1

Behavioral task: behavioral1
Sample: client32.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: client32.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral3
Sample: remcmdstub.exe
Resource: win7-20230712-en

Behavioral task: behavioral4
Sample: remcmdstub.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: client32.exe
Size: 99KB
MD5: f70b67c2b3204b7ddd8b755799cccff0
SHA1: a42e55e328d62d11e687c167bb7049d46f0f9b26
SHA256: 213af995d4142854b81af3cf73dee7ffe9d8ad6e84fda6386029101dbf3df897
SHA512: 54fcba8a063bfbaae4c3a39624bf3407db6af5699ab8686f936ab03c5864df7a44d089066fa2d4aedf5ad50d6b04624966a5111bf57bec1dda74a571f1dd7c63
SSDEEP: 384:qUjV5+6j6Qa86Fkv2Wr120hZIq6nYPL7NheMxnB1:qgVZl6FhWr80/h6EN/
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Target: remcmdstub.exe
Size: 58KB
MD5: ba2a1815e16b357eeff23b8394457aa5
SHA1: 2492e2393cdaed5678ea0a573c50d06ec5f191f4
SHA256: e14c3224215ea91587e96b995861e8966166dfc08ab4d409bd729770815b3b81
SHA512: d505a1a17c44a96e74f94238b3623d7e6064b8c94007f2d94d6626eeee3ba75db92e569bc864c90096eabf61a0cd68ae690461b43b6e429b4deda1b44e18ba41
SSDEEP: 1536:Wf6nvXuNcAjJMBUHYBlXU1wT2JFqyuAQYPT:g6nPcjJ4U4I1jFqyuHuT
Score: 1/10