General

  • Target

    e312f3a68eefbbf83da379f227dd0ff2.exe

  • Size

    3.7MB

  • Sample

    230724-fwed1sae4z

  • MD5

    e312f3a68eefbbf83da379f227dd0ff2

  • SHA1

    ac9951b01cd1577da7ac8f5b1114f3683ba27e61

  • SHA256

    59db50866d1de1b8c0f7b33a5f2569ce77797180cfe040c4fe7758f8abcf4bc1

  • SHA512

    a791c1500de04c85d557aa3bdbc952c5d8b99fc970177e7cc8434a88af8f04543522c16b2c5b93100ca2609ba832ff5f71e1a9d4e5aec8d4ee136d70d31cbde5

  • SSDEEP

    49152:8BWotRsnvwin6+SfrVthQA232WpNIYf8P:1zIJtho32WDMP

Score
10/10

Targets

    • Target

      e312f3a68eefbbf83da379f227dd0ff2.exe


    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
