General
Target: Update -520240216.zip
Size: 2.5MB
Sample: 240216-t2dlkadg35
MD5: 88960ca7e84e00e17f38bdc9e7eb96c0
SHA1: cb85495ac0e656a8f92e329f4b5d38ad7f538f24
SHA256: dc3fac83706617f5c904a06080ac2b57c22a231aadad0b106de927e0c00dc50b
SHA512: 4d6f220a831f2de1aecda4c681ef0379a0b068ac447acf0c8abb4a535b6652d8b7d62ffdf3cfad4c79f254aa2bb30eab59d7f24ac1820c9ebe9353bb2320c997
SSDEEP: 49152:1O2q8AxbSxSF30Be5KW8wPmO2q8AkMzOjfCdk+8u59AbZO2q8AkMT:wX8AVlFkg4WfLX8A22dk+8u59DX8A3

Static task: static1
Behavioral task behavioral1: Sample Update -520240216.zip, Resource win7-20231215-en
Behavioral task behavioral2: Sample Update -520240216.zip, Resource win10v2004-20231215-en
Behavioral task behavioral3: Sample Install/Update_browser_121.0.6163.js, Resource win7-20231215-en
Behavioral task behavioral4: Sample Install/Update_browser_121.0.6163.js, Resource win10v2004-20231222-en
Behavioral task behavioral5: Sample Install/Update_browser_121.0.6164.js, Resource win7-20231129-en
Behavioral task behavioral6: Sample Install/Update_browser_121.0.6164.js, Resource win10v2004-20231215-en
Behavioral task behavioral7: Sample Install/Update_browser_121.0.6165.js, Resource win7-20231129-en
Behavioral task behavioral8: Sample Install/Update_browser_121.0.6165.js, Resource win10v2004-20231215-en
Behavioral task behavioral9: Sample Install/Update_browser_121.0.6166.js, Resource win7-20231215-en
Behavioral task behavioral10: Sample Install/Update_browser_121.0.6166.js, Resource win10v2004-20231222-en
Behavioral task behavioral11: Sample Install/Update_browser_121.0.6167.js, Resource win7-20231215-en
Behavioral task behavioral12: Sample Install/Update_browser_121.0.6167.js, Resource win10v2004-20231215-en
Behavioral task behavioral13: Sample Update_browser_121.0.616.js, Resource win7-20231215-en
Behavioral task behavioral14: Sample Update_browser_121.0.616.js, Resource win10v2004-20231222-en

Malware Config
Extracted
https://grantallardserver.com/data.php?9086
Extracted
https://grantallardserver.com/data.php?14979
Extracted
https://grantallardserver.com/data.php?14648
Extracted
https://grantallardserver.com/data.php?13746
Extracted
https://grantallardserver.com/data.php?6577
Extracted
https://grantallardserver.com/data.php?6001

Targets
Target: Update -520240216.zip
Size: 2.5MB
MD5: 88960ca7e84e00e17f38bdc9e7eb96c0
SHA1: cb85495ac0e656a8f92e329f4b5d38ad7f538f24
SHA256: dc3fac83706617f5c904a06080ac2b57c22a231aadad0b106de927e0c00dc50b
SHA512: 4d6f220a831f2de1aecda4c681ef0379a0b068ac447acf0c8abb4a535b6652d8b7d62ffdf3cfad4c79f254aa2bb30eab59d7f24ac1820c9ebe9353bb2320c997
SSDEEP: 49152:1O2q8AxbSxSF30Be5KW8wPmO2q8AkMzOjfCdk+8u59AbZO2q8AkMT:wX8AVlFkg4WfLX8A22dk+8u59DX8A3
Score: 1/10

Target: Install/Update_browser_121.0.6163.js
Size: 1.3MB
MD5: 7ecc973a8ab0e0df11d0103fc763aec2
SHA1: d6ea12f010e3f2b229f616bff27f6f590b9922f3
SHA256: ef3240f277751f4149e702336035632b7cb6b1e7f8ccd2ad50c9c85dc3a14891
SHA512: 84fef056c1f03a10a21f561e30be5a7f3a24485d75c27cfde6a8065bbc3d0e22559e7f0d9a13c53702506183efc3a9ee95183fbdf7fd0f0aa3c1b0cbf44b6552
SSDEEP: 12288:sqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok:PkdBpQFVkdBpQFVkdBpQFk
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: Install/Update_browser_121.0.6164.js
Size: 1.3MB
MD5: 06ee8302ec320908c9395a5ca17756a9
SHA1: 65378085bbb933de3c19d194fd23a78262549546
SHA256: 7668e03a8035301f2597d4e4d2fd2660139f1432da002e397b1182cd7d911630
SHA512: 53536444e6c6246ac092cb15497f17ab12f73ca13f1c210029b361f57267d626dfc5f0659c19c92e32315b996d9a7e445cd2b3d7b70faaae2c43072631f4c9f5
SSDEEP: 12288:yqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok:VkdBpQFVkdBpQFVkdBpQFk
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as a legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Target: Install/Update_browser_121.0.6165.js
Size: 1.3MB
MD5: f81058fb98198fb56f2b846d3d64f61a
SHA1: 6fc92a83c7d2be9994c5aaf7b68fe62fc660c548
SHA256: 9bc8f97bad4cf4607037be15990d4d8396873487c1e11101ebd95123fdbf631a
SHA512: 1d5f1cf04a9bcab96576711c06fa8bed0523dea1aab867649a278ae9ddf813a585aea5c8e903f44554707d2eba842e151bf677bef41ef10c568f49440923e57a
SSDEEP: 12288:Bqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok:ckdBpQFVkdBpQFVkdBpQFk
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as a legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Target: Install/Update_browser_121.0.6166.js
Size: 1.3MB
MD5: 4877fc7cdee26e86dff3a3964ddbd156
SHA1: 58aa4af372b60958a608006e69f356c17273fa52
SHA256: 69593610bb4221e42aef8b4f84c42f8b7056778b8e8b9d527d0c1408624653d8
SHA512: 131b03d03efa2b10c8cd4b48685c9623fcb05962402be54b180c317651401bf18261256fa74436ed6444bac740b528cb3b3ec44fa39a1663d62314bda42f6538
SSDEEP: 12288:pqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok:0kdBpQFVkdBpQFVkdBpQFk
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as a legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Target: Install/Update_browser_121.0.6167.js
Size: 1.3MB
MD5: 14a597959dc3abb0a7f9f76146cf2607
SHA1: c8733f6d5cdab2f5bfc1a9d06bb5a06eee8b5f0b
SHA256: b8bd0ecac53cda84ef8be72d4a904a7ecc4cf841706400cffe8b599f2b4a6672
SHA512: 3e21a39ba2efcac7d58c5edb890211f69b483cd6202ddee69938a43f88f9358361df836590fac678053245b7377a7abcfd0df8b06c8340a7e824340fbca126d5
SSDEEP: 12288:8qkdj8gY4HQJ2Oyqkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok:fkdBpQFVkdBpQFVkdBpQFk
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as a legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Target: Update_browser_121.0.616.js
Size: 867KB
MD5: d7afb0b85ae4661eafd7b86759f5f49e
SHA1: 403214974457770eb6523a763f2f681da66b6e99
SHA256: 4ba8cb6306747ba7419507aa01ec895e38ecd7e291746546d7609e668955c69f
SHA512: eb9fdac18c862a5ebcfe47999d2f9d003873d9e730320698e007b41152ba2aab84b27dd2640830c016cdb8aaa09dc34a86e107ea1fe8e0943c7c30572e08bbe7
SSDEEP: 6144:8+IrEhFgMczj0aw0810VLuqjHFPm4HQQuZ2Ozu+IrEhFgMczj0aw0810VLuqjHFx:8qkdj8gY4HQJ2Oyqkdj8gY4HQJ2Ok
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as a legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application