General
-
Target
readme.ps1
-
Size
6KB
-
Sample
240123-qhtxnabde5
-
MD5
6cce740fb3df20ec27fa3bb760e69502
-
SHA1
4e8095213f97e64df6dfb3655aea1fd774844533
-
SHA256
a04f3d2be0b51c4c302bc4b881ee6c6b507bc432272fc37d7c531060607e7932
-
SHA512
c2f77ab349459b3f954c21e80fcb56453bb1776e9e122605649439ec015c1125b6f7f6419c385128f2802545de6365255e474a04149bae285d0c01578d215ddb
-
SSDEEP
192:OSPlCKYDjGHy9v0vVTeTHriuquid2VTTh8CWXB6:OSPlCKYD6S9cleTHm1cFTh8CWXB6
Static task
static1
Behavioral task
behavioral1
Sample
readme.ps1
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
readme.ps1
Resource
win10v2004-20231215-en
Malware Config
Extracted
https://core-click.net/TVFrontend/NSM.zip
https://core-click.net/TVFrontend/remcmdstub.zip
https://core-click.net/TVFrontend/DLAA1view.zip
https://core-click.net/TVFrontend/mock/
Targets
-
-
Target
readme.ps1
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-