General
-
Target
08022024_2226_07022024_DCS7727723772772.zip
-
Size
9KB
-
Sample
240208-rrm15sed7x
-
MD5
80e2a642533b2a87f7aa35f046c5022f
-
SHA1
ebecd0f155288700b32027731d0a56d2d50d516f
-
SHA256
26f21ada754233191d1980622136860a9f88723aa9254165e6eb0361817d856c
-
SHA512
5eae08fa59fe3b73d196794443c4ba03ddab0186ecdcfcf54d23673df73e74098718deba6ca624ad1325fce32749618ebb9fa464c0f06ca83431a605b637f161
-
SSDEEP
192:CIvbN1m3IJs8i+iQ9BlTb0mIgYgju3EcTYIcMCnvdM6Qy7z42PmqL55z:RuIJ++9TlHpI+S7THcMC26nz7eA5B
Static task
static1
Behavioral task
behavioral1
Sample
DCS7727723772772.js
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
DCS7727723772772.js
Resource
win10v2004-20231215-en
Malware Config
Extracted
https://assime.ca/command.php
Extracted
http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt
Targets
-
-
Target
DCS7727723772772.js
-
Size
25KB
-
MD5
fa4c5428813c2612116ac59af1862bcb
-
SHA1
50f324f71e12473644eefa338b11dd347d713f68
-
SHA256
8603c3e9cbbf9629724d1d4299418be0d2ad7ce04ea8091fc0bead7430d21fbd
-
SHA512
a770e57adc93505fbf7ccc4152ebc7985839e168770c16697f3b5d5f1ccd85ac5c1b641a7b407d53a727b2fcad33d123b930cc9ad13ba89c113c6809fbaccdb8
-
SSDEEP
768:MleSnV5r8Fi+tVxfS0fy8hghu28Iswykn5d0B/PK3py1XY4TgVzlqIDG3ZBoxPg0:eeaV5oIhzPRZxehtM
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-