General

  • Target

    E52BE8968152E665685D030C8D641540.exe

  • Size

    2.0MB

  • Sample

    240208-jpzcdsdea6

  • MD5

    e52be8968152e665685d030c8d641540

  • SHA1

    b6fffdeb2df0789cef2201416894f5ca6e055bfc

  • SHA256

    ea35797a9556636378031645a48f089087cd258f8e40e1399aa371b2cca3cb7f

  • SHA512

    e1f522f0d445bbaa371bcaac6ee780210ada01fb6702934777c3465afa374d7ea6d5dc97fbd50417e31a720a2839318821006f8d3f898773003b5d78c73c5482

  • SSDEEP

    49152:mXeTIVDZ5quXQqyAZF8L5wfHIvDVeoyS69XZJJdxopHq:mXe0RZlXQq5ZeLW/KynLJdypHq

Score
10/10

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks