General

  • Target

    d3a24d9fc3d70a9719344547f8a2341c.exe

  • Size

    3.7MB

  • Sample

    230724-fwz1qaae41

  • MD5

    d3a24d9fc3d70a9719344547f8a2341c

  • SHA1

    6d8d9aaccb8bc5ef2a0c8a6f19e46bd3a1483499

  • SHA256

    6d3e53f049f891c6bd818554d04f3c41c8c5f2bf02d48ffa3ac6382262e95b57

  • SHA512

    745394410ee4f41accd2d763b8494215a69c0c7b44814c5cc3b61fd0cef8c05abe59d21bf2962e357ce2ef3fa35112a6e67dcbcb9853a6a4f1995b76a9f35d1f

  • SSDEEP

    49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8P:bzIJtho32WDMP

Score
10/10

Targets

    • Target

      d3a24d9fc3d70a9719344547f8a2341c.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
