General
-
Target
142101421014210REC_.js
-
Size
82KB
-
Sample
240301-mcjb7afd2s
-
MD5
dfc7f50c2ccb605bc0230c7c07e8e96d
-
SHA1
bbc6d71f601546c702c32f6dadeda8574b7b7ba9
-
SHA256
004d74496975e008a7fc693503d1e37480d46ce33d17c7e48fa0d7ca29e1a015
-
SHA512
24218fe3334327d13f3380904cb59ea082e57f6758b330e06dafe9f12a05d3ce2c8bb2f527245a3ef838b07fcf36231c614d4868b0f874095eadfe138e514a5b
-
SSDEEP
1536:FziPYUNKRMz+GB1+vS3DL/NgMwZc+m/A1pRrGOIPFDgPwj9UtC06VBn6GZa8Tsra:FzijRqGrPfkRr7IRgPaqojfZa8Tt
Static task
static1
Behavioral task
behavioral1
Sample
142101421014210REC_.js
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
142101421014210REC_.js
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://cspapply.com/br.txt
Extracted
http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt
Targets
-
-
Target
142101421014210REC_.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-