General
-
Target
e312f3a68eefbbf83da379f227dd0ff2.exe
-
Size
3.7MB
-
Sample
230724-fwed1sae4z
-
MD5
e312f3a68eefbbf83da379f227dd0ff2
-
SHA1
ac9951b01cd1577da7ac8f5b1114f3683ba27e61
-
SHA256
59db50866d1de1b8c0f7b33a5f2569ce77797180cfe040c4fe7758f8abcf4bc1
-
SHA512
a791c1500de04c85d557aa3bdbc952c5d8b99fc970177e7cc8434a88af8f04543522c16b2c5b93100ca2609ba832ff5f71e1a9d4e5aec8d4ee136d70d31cbde5
-
SSDEEP
49152:8BWotRsnvwin6+SfrVthQA232WpNIYf8P:1zIJtho32WDMP
Static task
static1
Behavioral task
behavioral1
Sample
e312f3a68eefbbf83da379f227dd0ff2.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
e312f3a68eefbbf83da379f227dd0ff2.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
e312f3a68eefbbf83da379f227dd0ff2.exe
-
Size
3.7MB
-
MD5
e312f3a68eefbbf83da379f227dd0ff2
-
SHA1
ac9951b01cd1577da7ac8f5b1114f3683ba27e61
-
SHA256
59db50866d1de1b8c0f7b33a5f2569ce77797180cfe040c4fe7758f8abcf4bc1
-
SHA512
a791c1500de04c85d557aa3bdbc952c5d8b99fc970177e7cc8434a88af8f04543522c16b2c5b93100ca2609ba832ff5f71e1a9d4e5aec8d4ee136d70d31cbde5
-
SSDEEP
49152:8BWotRsnvwin6+SfrVthQA232WpNIYf8P:1zIJtho32WDMP
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-