General
Target: Update_161_121.0.616.js
Size: 436KB
Sample: 240301-ypjn9scg28
MD5: b78306686a601cf2e9546e7334199329
SHA1: 0be158e31cbca00324d325bd4c0b706e8c9b879b
SHA256: 279d3eb32b819921d4315d250afed96adf8df910a5f95e4378410df9b3188fcf
SHA512: 19c4969cd16847698cbf334253543e5e8e714a41b7febe282118dd8ba9de3b9f683fea9450203b6be70801af75180c5bab925aef79b569874ed2f3e7a7248ab2
SSDEEP: 12288:QnviA7OpTRtRtFAbD8nviA7OpTRtRtFAbD8G:QKbpTRtRt6PbpTRtRt6V
Static task: static1

Behavioral task: behavioral1
Sample: Update_161_121.0.616.js
Resource: win10-20240221-en

Behavioral task: behavioral2
Sample: Update_161_121.0.616.js
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: Update_161_121.0.616.js
Resource: win11-20240221-en
Malware Config
Extracted: https://aljannatquranteach.com/data.php?11223
Extracted: https://aljannatquranteach.com/data.php?14103
Extracted: https://aljannatquranteach.com/data.php?7046
Targets
Target: Update_161_121.0.616.js
Score: 10/10

NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application