General
Target: MDE_File_Sample_21e080d2a38237413aad3d5fa5b54307430eb864.zip
Size: 681KB
Sample: 240809-p5mlesvcjc
MD5: 9297273a58cf6d7a0b394cee4b17b42b
SHA1: f01476c1c7e20b6e505553743b69d096198ba551
SHA256: 21a146ee189e35127d48b4d54c3837f65a086324caffe777d5e8e9e0b4c1ee8b
SHA512: bca4201bcf7e4489c39a3dcddafca46d58498e2069f278245f00b0b36ee7cdd9a771b4e6ad33255e8683b439b578828224b3659d15b8f1221a1a2f9eb105ec61
SSDEEP: 12288:2qz7Di8ivDzcfEV2LgT6PqERZ5vEvMlTw4//Y8GlS3zq5QI99QFht8MiFfp8O:jDHi7AE63Z5laSO5PIt8MU
Static task: static1
Behavioral task: behavioral1
  Sample: Update (1).js
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: Update (1).js
  Resource: win10v2004-20240802-en
Malware Config
Extracted
http://didsit.com/data.php?9427
Targets
Target: Update (1).js
Size: 3.9MB
MD5: c4aefe9f1ce6862df4f981938a2147f1
SHA1: 21e080d2a38237413aad3d5fa5b54307430eb864
SHA256: 7f76bf19775cb619c66e6636e463fb75f8d2e1c279c7d02806eb5d0674728b02
SHA512: c274cca49452500c9e5cdf4316a9be130df1a2b54e376ba23d2ba9f14fb5d01f30afc4b5aeca184c11a5eba6f7eef8c851c843083b0ee8c474ad1765b49021d8
SSDEEP: 49152:6sz6FvpOiHY7sz6FvpOiHYXsz6FvpOiHY7sz6FvpOiHYnsz6FvpOiHY7sz6FvpOQ:60WQ0Ws0WQ0We0WQ0W5
Score: 10/10
NetSupport
  NetSupport is a remote access tool sold as legitimate system administration software.
Blocklisted process makes network request
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application