General
-
Target
54d7a871c8acfc326d6bc0e737d28180.exe
-
Size
3.7MB
-
Sample
230724-f7pzwsae8s
-
MD5
54d7a871c8acfc326d6bc0e737d28180
-
SHA1
1d172dd55977d3a49915225565ca9078be7937f8
-
SHA256
a86fa532f408880e859f76d9a00454c16230fc5e035ea8913130fb20822af8b1
-
SHA512
4d0b7a7dddeabb381932ab0381de2d3de0dc8fe6f4e90586c4cdbe7d90c6351e6c54b4fa3b6ee507b023b8d7a083dd3d5abb4404ebc3274806336c51e130520e
-
SSDEEP
49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8B:bzIJtho32WDMB
Static task
static1
Behavioral task
behavioral1
Sample
54d7a871c8acfc326d6bc0e737d28180.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
54d7a871c8acfc326d6bc0e737d28180.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
54d7a871c8acfc326d6bc0e737d28180.exe
-
Size
3.7MB
-
MD5
54d7a871c8acfc326d6bc0e737d28180
-
SHA1
1d172dd55977d3a49915225565ca9078be7937f8
-
SHA256
a86fa532f408880e859f76d9a00454c16230fc5e035ea8913130fb20822af8b1
-
SHA512
4d0b7a7dddeabb381932ab0381de2d3de0dc8fe6f4e90586c4cdbe7d90c6351e6c54b4fa3b6ee507b023b8d7a083dd3d5abb4404ebc3274806336c51e130520e
-
SSDEEP
49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8B:bzIJtho32WDMB
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-