General
-
Target
Update_browser_17.6436.js
-
Size
296KB
-
Sample
240109-xyn5nshabl
-
MD5
fd24b53547b889be132aa98a7f193614
-
SHA1
c5331d01d1149e8b5846d076afaa3f60f5458f99
-
SHA256
d8f2134faeed8cf62887aaad8403ab7f29b5cd26cd03b81cb59774442d97fc0e
-
SHA512
54995b6a818f870655cd33b2b4cdf1185cdfbb91ecf6c8217834ec454041039a4defd7c178851ac11bc32d61d08dd92a2a6207ce90071d2d7987019ae9074c79
-
SSDEEP
3072:4OpyDJu8XUtQQSO1T7cbF/nlz3wq2BOOpyDJu8XUtQQSO1T7cbF/nlz3wq2Bp:lcJ6QhO1T7cZd6BvcJ6QhO1T7cZd6Bp
Malware Config
Extracted
https://boxtechcompany.com/data.php?8796
https://boxtechcompany.com/data.php?8796
Extracted
https://boxtechcompany.com/data.php?8534
https://boxtechcompany.com/data.php?8534
Extracted
https://boxtechcompany.com/data.php?5381
https://boxtechcompany.com/data.php?5381
Targets
-
-
Target
Update_browser_17.6436.js
-
Size
296KB
-
MD5
fd24b53547b889be132aa98a7f193614
-
SHA1
c5331d01d1149e8b5846d076afaa3f60f5458f99
-
SHA256
d8f2134faeed8cf62887aaad8403ab7f29b5cd26cd03b81cb59774442d97fc0e
-
SHA512
54995b6a818f870655cd33b2b4cdf1185cdfbb91ecf6c8217834ec454041039a4defd7c178851ac11bc32d61d08dd92a2a6207ce90071d2d7987019ae9074c79
-
SSDEEP
3072:4OpyDJu8XUtQQSO1T7cbF/nlz3wq2BOOpyDJu8XUtQQSO1T7cbF/nlz3wq2Bp:lcJ6QhO1T7cZd6BvcJ6QhO1T7cZd6Bp
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-