General
-
Target
HHYGASDBBBX.hta
-
Size
1.2MB
-
Sample
230724-r757naeh61
-
MD5
2aa4741c22f4f7e9f7fb2318e974649c
-
SHA1
f65ab7270f297c572a30650c6941dea145cd83f1
-
SHA256
069ac184f80baa3ced862d6704254d57990699bda965a9bcc2a89b2d8b61c123
-
SHA512
bca8f8a59e00dc69619bb36bc98d23935cbd7a320724bb90f64a799e6eb4654d7f1ca4ddec5276b233b9319b79b2dbffd8d95a3d28be63e0d0a05d58e74a1cd6
-
SSDEEP
3072:XMyG1hNUveUzpkVDbffRhyTcVWRda4Ynq/gQ:XMJvzU6xffrMckdabq/gQ
Static task
static1
Behavioral task
behavioral1
Sample
HHYGASDBBBX.hta
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
HHYGASDBBBX.hta
Resource
win10v2004-20230703-en
Malware Config
Targets
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-