General
Target: 46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916.js
Size: 61KB
Sample: 240305-cp9d2acd86
MD5: cfb018f98474eae2614454fdff0a4fef
SHA1: 9a5d5939b4b8b8d300ba6744ad1e65ca4d08e168
SHA256: 46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916
SHA512: 67527eb9cbab95f72533b8b4bc34d8ae693519a34bfc4d35fcf8e988fc1ae84fb02e9ad8d05487c9c665e699c271e6275c8c81638e08eec8d2f4669b646c505f
SSDEEP: 1536:8+eeHSmKvhgEB3Eurt47NJLP6z6+S2te/fKpw6o11uf+DKP:zTo3EuWg9S2te/fKpw6Kw
Static task: static1
Behavioral task: behavioral1
Sample: 46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916.js
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916.js
Resource: win10v2004-20240226-en
Malware Config
Extracted: https://compactgrill.hu/care.txt
Extracted: http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt
Targets
Target: 46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916.js
Score: 10/10
- NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
- Blocklisted process makes network request
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application