General
-
Target
9cd1ee0ece1b7e51c0b17e30071576c0c364acfcf22a7a1632a9ec8889aad956.js
-
Size
60KB
-
Sample
240305-c2wnpsch89
-
MD5
b84380f6a697da3d7e41c9df6542e698
-
SHA1
cc4deaad5fc6a7163d18b7ba95521ef36ac2506c
-
SHA256
9cd1ee0ece1b7e51c0b17e30071576c0c364acfcf22a7a1632a9ec8889aad956
-
SHA512
f7c86d544cb7863841e779e57a48ca08b1a3f434a8dee83e4c0de91ae42fed9861a27a7ee8a8c16a75efcbe3fae3a09d9c0ef289c9cc06b39145476f0291120e
-
SSDEEP
1536:H2OFi4Pdnos33SZnztMyhKkF9ZwUMLW4sGtBe9TK2MXpjJjmGfs6//Li0KCd1r:H2Oi4Ks3ClzW/kF3wUMLW4sGtBe9TK2W
Static task
static1
Behavioral task
behavioral1
Sample
9cd1ee0ece1b7e51c0b17e30071576c0c364acfcf22a7a1632a9ec8889aad956.js
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9cd1ee0ece1b7e51c0b17e30071576c0c364acfcf22a7a1632a9ec8889aad956.js
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://compactgrill.hu/care.txt
Extracted
http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt
Targets
Target
9cd1ee0ece1b7e51c0b17e30071576c0c364acfcf22a7a1632a9ec8889aad956.js
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application