General
-
Target
I_477747774777SH_4777.zip
-
Size
27KB
-
Sample
240303-lfmcksgh82
-
MD5
19df1813ad5b2f54ab5c19b6e6c6308f
-
SHA1
007bb6ebe29a21f9b6344cceea64f27aa6147dbf
-
SHA256
fad46899d17fbd6a686f29d6721aeb449b524bcab309920ca4ad30b84ab6791a
-
SHA512
caaaecf49a066a0928d823c792dde26a2a3db60284ad3568aa90b55de5cecc84100b4d395dae259de099b021384e2d8cd7f0b7f405db3daa4092ab16d6d5ef93
-
SSDEEP
768:atsp6c+Sq6xw0RdtB1HYsyqEF2M19rR2hBmURaCBd1:ND+S7xtdFHYsXM1jQEURaCb1
Static task
static1
Behavioral task
behavioral1
Sample
I_477747774777SH_4777.js
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
I_477747774777SH_4777.js
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://hotelashrafee.com/rem.txt
Extracted
http://leadingbyte.com/e6a85777-d353-412d-acaf-b017744de8b8c.txt
Targets
-
Target
I_477747774777SH_4777.js
-
Size
70KB
-
MD5
6168817e7808252a0175bb21426295c1
-
SHA1
180ac0aa18ceb1f2c06321fdd7be4bd80def175c
-
SHA256
cee471e525e0017d7a241b90d685d24d2b66c2251fe9782a350c5f2a1d57c68e
-
SHA512
42533021c2876e3dd07be3dce4fc1f6e9f9e6b846ce6682af1912b4c21a9e53d7904ea450e4acb641316f60a5173058332c94d1b4ff020c9dcbc6a122195c4dd
-
SSDEEP
1536:fDPh1Obk522cWTaNmuCzfqupYqBECfWQCSeQzFMa1hUJ:fLh8U22cCamukiuGChfWQMQz/rUJ
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-