General
Target: 6a1f9cd96e83e128052256853176ae7162abdebc72b93fdb5f32eae53cf9e119.js
Size: 64KB
Sample: 240305-cvxbnabh9v
MD5: 2ef941216fe750eeed4fb1679c93370d
SHA1: d51d80623ef091ad40b97c7afe8285d4d196d74f
SHA256: 6a1f9cd96e83e128052256853176ae7162abdebc72b93fdb5f32eae53cf9e119
SHA512: 40f69f58aac11499d10b43b3a6aeea241bfbb633dd69803accb2bb041f1a656f62d96d36f9bc1a5d4dedba15ddc2afa56f641a9cd3ccd746b82f2028786669ef
SSDEEP: 1536:p4s1HFEa+GiVYDUaTlMd8lXG3esO6BEgIlofHxYSAZ580weXxdUJHRROiI0oMQqE:b1HFf+3jiPtsO6BEgIlofRYSAZ580weZ
Static task: static1
Behavioral task: behavioral1
Sample: 6a1f9cd96e83e128052256853176ae7162abdebc72b93fdb5f32eae53cf9e119.js
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6a1f9cd96e83e128052256853176ae7162abdebc72b93fdb5f32eae53cf9e119.js
Resource: win10v2004-20240226-en
Malware Config
Extracted: https://compactgrill.hu/care.txt
Extracted: http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt
Targets
Target: 6a1f9cd96e83e128052256853176ae7162abdebc72b93fdb5f32eae53cf9e119.js
Score: 10/10
NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application