General
-
Target
6ec2acc681da0597eeb30a40a34d5d1054152b18eb1e77e9c02a4dc77c030985.exe
-
Size
27.8MB
-
Sample
240917-bmpfeaygnk
-
MD5
2f0cbfa0f285df217fac1faad59fa80f
-
SHA1
bcef79da67710f2691a2f9f1d63815aa58fb8707
-
SHA256
6ec2acc681da0597eeb30a40a34d5d1054152b18eb1e77e9c02a4dc77c030985
-
SHA512
fe0d9fb84afefe2e408d4d0c4d810205b256de729f42d472d7cd503c8070c8888a19581af9e01541b6889eb6d5c83dc3d0ebcabc137c9f43923aedff6c75ae2b
-
SSDEEP
393216:lRPgWrgOSzU6QhcUkTb0LQvz1HaeNceuGznq6HZac4fFrPn:fPgWVOTwkrReeuGu6HUc49r
Malware Config
Targets
-
-
Target
6ec2acc681da0597eeb30a40a34d5d1054152b18eb1e77e9c02a4dc77c030985.exe
-
Size
27.8MB
-
MD5
2f0cbfa0f285df217fac1faad59fa80f
-
SHA1
bcef79da67710f2691a2f9f1d63815aa58fb8707
-
SHA256
6ec2acc681da0597eeb30a40a34d5d1054152b18eb1e77e9c02a4dc77c030985
-
SHA512
fe0d9fb84afefe2e408d4d0c4d810205b256de729f42d472d7cd503c8070c8888a19581af9e01541b6889eb6d5c83dc3d0ebcabc137c9f43923aedff6c75ae2b
-
SSDEEP
393216:lRPgWrgOSzU6QhcUkTb0LQvz1HaeNceuGznq6HZac4fFrPn:fPgWVOTwkrReeuGu6HUc49r
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-