General
Target: a378a6a5e51b753df66e6d1111d415dd61208f7e1489128ff9cc6cd1c726ac00.zip
Size: 669KB
Sample: 241016-fzfq9aydpk
MD5: 7a6a561547039cf3a7d5e3b5dba6e8a5
SHA1: ed89e7dfb1a5f76c6677c701d8a9b90a7a963760
SHA256: a378a6a5e51b753df66e6d1111d415dd61208f7e1489128ff9cc6cd1c726ac00
SHA512: b3d4d76db398a63b8f561e4491f8ff4d058bf4a481aadc91b79c0c99e4ba207574f5cae142b87b0e12d3c0d56bcbd2997ea9b63dcb83bac60bc1f371119eaa62
SSDEEP: 12288:A5OQesOYAQ5ArUIAb2PDQo7MHWCzBDbC36wYLDyFM/jg22ivFz:A5OBHPQGrnAqP+1C36w9FSH/9z
Static task: static1
Behavioral task: behavioral1
Sample: yearprogrampro/yearprogrampro.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: yearprogrampro/yearprogrampro.exe
Size: 720KB
MD5: a1fe4b371b934c8c687b206b7564cfb8
SHA1: 33f1e110a1a105a7f848a57e82c8f425ce05a9ca
SHA256: 3eccbb445d0849dd728ecc11d3f408aa20680961f7f2e5360f62d79ef4723354
SHA512: c89e18a962eb929eb91390d0983cce564167861120ed6588d2f3cf97be30187f3d0573c649c25131a11608291f75301f7ee408b9836a97c2a8bca763f13b0017
SSDEEP: 12288:fizy90baNIAj2PrQo78/WCzB/XC36wYLDyfM/rg2zPHP4cYC0gNo:fAyc9ASPolC36wPfkHDv4cYQa
Score: 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1