General
-
Target
e66f1675c6e60c7cb7d10290618c7b86269e6efa016c08ad5af9f12d16c925ef.js
-
Size
62KB
-
Sample
240303-rwh8racf58
-
MD5
a05a8f4ff99e94ac57915c30a5db972c
-
SHA1
99d07b915836f066d2ef20314e06ecbdb7a26e00
-
SHA256
e66f1675c6e60c7cb7d10290618c7b86269e6efa016c08ad5af9f12d16c925ef
-
SHA512
8ec4798f140452cbb05455784bb0d9f75504fc7592525c253048aa2834ce944f95057757eced1ddb8f9ae76bdfc42dea3e702d58f8ac985313dbe6a227508c46
-
SSDEEP
1536:sARo4GPF1DsucfnjaW7hcoQUoSFgs8FHTxXzr/G:sA6DPF1IueneW7htoSFgPZp3/G
Static task
static1
Behavioral task
behavioral1
Sample
e66f1675c6e60c7cb7d10290618c7b86269e6efa016c08ad5af9f12d16c925ef.js
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e66f1675c6e60c7cb7d10290618c7b86269e6efa016c08ad5af9f12d16c925ef.js
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://hotelashrafee.com/rem.txt
Extracted
http://leadingbyte.com/e6a85777-d353-412d-acaf-b017744de8b8c.txt
Targets
-
-
Target
e66f1675c6e60c7cb7d10290618c7b86269e6efa016c08ad5af9f12d16c925ef.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-