General
Target
08022024_2231_07022024_ARS4254253425425.zip
Size
10KB
Sample
240208-rvkp7aee7w
MD5
e0746e290a9540934c606cb9f30c7505
SHA1
ffbec43711270a63b10d8cab84dffa6e9fcc5f26
SHA256
e114869d32aeda56a855e734631e32f5fbcca0682cea3f773f938518a754014a
SHA512
9ff45f7b382a35714f395a83806566cb0c407ce6a5454846bb402e1ff2f57042548e4c2dd15ad0660c8976271e1ce6896db84cbfa2f92c9deefd634b270ef185
SSDEEP
192:lUmY0tbJIH+iwJEPuJ6i6MVFejuYoA9OrGqF61Sz2CBbW8s5ybG4e7G6KK2:RY0tb+H0EW6RMRYMGDS9FU4sKK2
Static task
static1
Behavioral task
behavioral1
Sample
ARS4254253425425.js
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ARS4254253425425.js
Resource
win10v2004-20231215-en
Malware Config
Extracted
https://assime.ca/command.php
Extracted
http://sakaleralo.com/ccea268b-8716-46be-9148-3e614b38a0df.txt
Targets
Target
ARS4254253425425.js
Size
30KB
MD5
b3f0d4ff6b231ceb9bcf39d6d773f995
SHA1
1f2b2b1eb4ce6bf53d1c42bfe08c5e642b1acfbb
SHA256
93d8e735e2028a6bb2191ae91273d9a6999058b74f78ac1523c93a575b795c25
SHA512
08e7332453dbf2a62e19edbc1ea5be251356547f02ea5afe60780d9d5ae330e18cab3c49e5ab43aa5ce7277aac672f73788db0ee84053484b9cbfb83aed7cca7
SSDEEP
768:ic78kofr9MzttQJklxbYPP9/r3e2wFoehDrMZmvkBKRdZXOLkr8R2Jx/gwwNEBce:iK4mRYPPtr3jh+x5Y6CJhU/0m
Score
10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application