General
-
Target
Advanced_IP_Scanner_2.5.4594.1.exe
-
Size
19.4MB
-
Sample
240829-tkn1zazdng
-
MD5
992f8e84f2e21ae93c54f4cac8ee971a
-
SHA1
5538d123c15fda1dbb1ae5b83b125a8e968ed52c
-
SHA256
8868c187d09c7474f200c8ffef6141ae9dd7e482641e62c923a43f085cf99117
-
SHA512
98dd1954c03d68659fef7910f87994984580a8b6d9a7583122697af76ee8dbb49584de00e720d9febdbc249901c41b140a41c9b374985e439bfaba7d3ad18813
-
SSDEEP
393216:xjU8zx7KRxNGGNIQl9sFH1vEZRN/AGuQZ9TLDay9uFaU6TQTA:xjU8MRiGNIQlufvuNoZQZ5DSDTA
Malware Config
Targets
-
-
Target
Advanced_IP_Scanner_2.5.4594.1.exe
-
Size
19.4MB
-
MD5
992f8e84f2e21ae93c54f4cac8ee971a
-
SHA1
5538d123c15fda1dbb1ae5b83b125a8e968ed52c
-
SHA256
8868c187d09c7474f200c8ffef6141ae9dd7e482641e62c923a43f085cf99117
-
SHA512
98dd1954c03d68659fef7910f87994984580a8b6d9a7583122697af76ee8dbb49584de00e720d9febdbc249901c41b140a41c9b374985e439bfaba7d3ad18813
-
SSDEEP
393216:xjU8zx7KRxNGGNIQl9sFH1vEZRN/AGuQZ9TLDay9uFaU6TQTA:xjU8MRiGNIQlufvuNoZQZ5DSDTA
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-