General
Target: in_4414413441441.zip
Size: 10KB
Sample: 240123-pvkn3sacar
MD5: f9f6a6115c620319c8457a3766eb05e6
SHA1: b4afa4eacf18d17585bdf52c920815f340434f64
SHA256: 8329ad98e2bf9ac324d5871579b7089bb91165f862e8eafb89f369bbeb089343
SHA512: d2495361b9d6208cf9bc6a1564b8a78b11823f1193c9818a45d3a77ac9a40a79c32eb9eaa1b5bdf2189f61cfdfcbfbed26471f545a83506d6d3586e0b733c999
SSDEEP: 192:llucBx+A7CQPrNj3ERfFL8xCtG5NwlUmJ8aqXKqYY970vTRZHFA6ATIMEV7GpHQX:9D1zNja9ttimUmOZvlgHlOIlGpHQ8Cj
Static task: static1
Behavioral task: behavioral1
Sample: in_4414413441441.zip
Resource: win10-20231215-en
Malware Config
Extracted
https://hsdiagnostico.com/readme.php
Extracted
https://core-click.net/TVFrontend/NSM.zip
https://core-click.net/TVFrontend/remcmdstub.zip
https://core-click.net/TVFrontend/DLAA1view.zip
https://core-click.net/TVFrontend/mock/
Targets
Target: in_4414413441441.zip
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application