General

  • Target

    54d7a871c8acfc326d6bc0e737d28180.exe

  • Size

    3.7MB

  • Sample

    230724-f7pzwsae8s

  • MD5

    54d7a871c8acfc326d6bc0e737d28180

  • SHA1

    1d172dd55977d3a49915225565ca9078be7937f8

  • SHA256

    a86fa532f408880e859f76d9a00454c16230fc5e035ea8913130fb20822af8b1

  • SHA512

    4d0b7a7dddeabb381932ab0381de2d3de0dc8fe6f4e90586c4cdbe7d90c6351e6c54b4fa3b6ee507b023b8d7a083dd3d5abb4404ebc3274806336c51e130520e

  • SSDEEP

    49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8B:bzIJtho32WDMB

Score
10/10

Targets

    • Target

      54d7a871c8acfc326d6bc0e737d28180.exe

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
