General
-
Target
Update_browser_17.6436.js
-
Size
296KB
-
Sample
240102-tmgpnshfhj
-
MD5
e239f09fd12e5d2bc17d3b87565c2d87
-
SHA1
56dd446e8524b074d50839f01539c7b07c57c9b6
-
SHA256
7791a5f2d1b2aabc186a9f42cd7d78657dc4e970f05ecb65ea729cf8643de90e
-
SHA512
85db1d32a84336b9e0ca9085e8aa7ce829c28053bf7a8c2b3dd95c07e5bc550ab803c6a07b9a5cefaa5d5504ef51857d6322132af33ce9cf1d30609da92187e0
-
SSDEEP
3072:4OpyDJu8XUtQQSO1T7cbF/nlz3wq2B9OpyDJu8XUtQQSO1T7cbF/nlz3wq2Bp:lcJ6QhO1T7cZd6BYcJ6QhO1T7cZd6Bp
Static task
static1
Behavioral task
behavioral1
Sample
Update_browser_17.6436.js
Resource
win10-20231215-en
Behavioral task
behavioral2
Sample
Update_browser_17.6436.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
Update_browser_17.6436.js
Resource
win11-20231215-en
Malware Config
Extracted
https://jesusanaya.com/GetData.php?13939
Extracted
https://jesusanaya.com/GetData.php?14341
Extracted
https://jesusanaya.com/GetData.php?12959
Targets
-
Target
Update_browser_17.6436.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-