General
-
Target
ARS17291729317291729.js
-
Size
22KB
-
Sample
240207-lh41eafdg6
-
MD5
f11df5cf2e7e9c6b39612f3f60d9e9f2
-
SHA1
d919fe3bd69418f9e96569f9e73b4a1fa1cde9e9
-
SHA256
2770b332ef571a1462e5a38778307106e16ba66dca58717fe40f6f76259b717b
-
SHA512
1629a66eb3f8f48fa15d016995eb26f7b6342420eac8f34fdf42d514db1be5813df7a40f553b63da16b8eb6bde66d35297d23c63cffa252951988a28242e65bf
-
SSDEEP
384:swbhSjLO+uDvTeLoxguxAR02OY4PLRyxag8YvA9DWWRUwuoLljIzPNWHvrHejQlJ:pwLOxvTeLoxguxARGPLRyxag8YvA9DWu
Static task
static1
Behavioral task
behavioral1
Sample
ARS17291729317291729.js
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ARS17291729317291729.js
Resource
win10v2004-20231222-en
Malware Config
Extracted
https://assime.ca/command.php
Extracted
http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt
Targets
-
-
Target
ARS17291729317291729.js
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-