General
Target: d3a24d9fc3d70a9719344547f8a2341c.exe
Size: 3.7MB
Sample: 230724-fxtv4aaa85
MD5: d3a24d9fc3d70a9719344547f8a2341c
SHA1: 6d8d9aaccb8bc5ef2a0c8a6f19e46bd3a1483499
SHA256: 6d3e53f049f891c6bd818554d04f3c41c8c5f2bf02d48ffa3ac6382262e95b57
SHA512: 745394410ee4f41accd2d763b8494215a69c0c7b44814c5cc3b61fd0cef8c05abe59d21bf2962e357ce2ef3fa35112a6e67dcbcb9853a6a4f1995b76a9f35d1f
SSDEEP: 49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8P:bzIJtho32WDMP
Static task: static1
Behavioral task: behavioral1
  Sample: d3a24d9fc3d70a9719344547f8a2341c.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: d3a24d9fc3d70a9719344547f8a2341c.exe
  Resource: win10v2004-20230703-en
Malware Config
Targets
Target: d3a24d9fc3d70a9719344547f8a2341c.exe
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext