General

Target: CiscoSetup.exe
Size: 16.1MB
Sample: 241101-nj1qgs1akj
MD5: 91f7229586df2c577a54ad0d1a5bdcb1
SHA1: 938b4ddf983e035130a7fcbf0458c4f9d5b69ca5
SHA256: 80f7768cbf016ae16f5758e31d9eb2d277c0566654f05bad152ecbde6eb616e5
SHA512: 089ec05f751306b994eb1265245961c2f51b89679f4b70c08a0404fcfd7d6d6deec8133ee5f3f04e82d7272ec4c95bee3859fa9c74be0b96966c569fef258c0e
SSDEEP: 393216:PexFZAWTc+MZ3mOvSY6oDXtVVFOzWt8zLDVi:+AL+WmOvS9qDSzHzL0

Static task: static1
Behavioral task: behavioral1 (Sample: CiscoSetup.exe, Resource: win7-20241023-en)
Behavioral task: behavioral2 (Sample: CiscoSetup.exe, Resource: win10v2004-20241007-en)

Malware Config
Targets
Target: CiscoSetup.exe
Size: 16.1MB
Score: 10/10

NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.

Netsupport family

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory