Overview
overview
10Static
static
3AudioCapture.dll
windows7-x64
3AudioCapture.dll
windows10-2004-x64
3HTCTL32.dll
windows7-x64
3HTCTL32.dll
windows10-2004-x64
3PCICHEK.dll
windows7-x64
3PCICHEK.dll
windows10-2004-x64
3PCICL32.dll
windows7-x64
3PCICL32.dll
windows10-2004-x64
3TCCTL32.dll
windows7-x64
3TCCTL32.dll
windows10-2004-x64
3msvcr100.dll
windows7-x64
3msvcr100.dll
windows10-2004-x64
3pcicapi.dll
windows7-x64
3pcicapi.dll
windows10-2004-x64
3remcmdstub.exe
windows7-x64
3remcmdstub.exe
windows10-2004-x64
3uclient.exe
windows7-x64
10uclient.exe
windows10-2004-x64
10General
-
Target
gz_all.zip
-
Size
2.1MB
-
Sample
241126-nja5tsvqdq
-
MD5
ba609f469d8a96d5b48a22e7c354a927
-
SHA1
d8ea5d147bdfd1b7635c0ce3cce75c46e356851a
-
SHA256
9d405c3a3bd95031175b1f36b485a5210fd499155fa0db0403a81f3af928a271
-
SHA512
cae1ebbd1167e5b643f016a42b7fac19d8a459a400d2c81bef84722f0463a2b65607644d4561cbd00b5b4cac09b7f74f6c38e999d9bee198529684dae7c8fc0b
-
SSDEEP
49152:v33eTbkejUXHl6VKUD7iPYB8Yp67n5dY+ceAymZT6N/Pjx:v33SBMl6v+PYdpQ5dzaya6NN
Static task
static1
Behavioral task
behavioral1
Sample
AudioCapture.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
AudioCapture.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
HTCTL32.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
HTCTL32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
PCICHEK.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
PCICHEK.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
PCICL32.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
PCICL32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
TCCTL32.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
TCCTL32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
msvcr100.dll
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
msvcr100.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
pcicapi.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
pcicapi.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
remcmdstub.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
remcmdstub.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
uclient.exe
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
uclient.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
AudioCapture.dll
-
Size
90KB
-
MD5
192dcc30c09f0cb973997aebdb2efcfc
-
SHA1
3fa0efddd92dc65ea3ad8ede4af35c89cbe393c5
-
SHA256
dd305100644d07d73d3391456a7a90d838f12be560b9a04ef6b393d603d7d877
-
SHA512
3f47aceb63cfde1668ea25b1d48a108b4a54923dc3fa8f7afed1cca15ec980dbe780273a39c22fd6c1e104b429c93633009c425f6cc0ef09b5cde17fba08ecc6
-
SSDEEP
768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2+vHxRpPfPtJNvbq:ZrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnq
Score3/10 -
-
-
Target
HTCTL32.DLL
-
Size
315KB
-
MD5
c0707cae9904c2022fd1fbaa94bbbba2
-
SHA1
8b2116f82abbe4f69c4522f7099ddeacbe18884c
-
SHA256
e2daacb11dde2ef717394e9192760fde16b24276fc054357a647b0265b177186
-
SHA512
c88416cb59a6bbaf734d310a4441421756fdb2ed489d67c92faa5df7004f18b8cc867660c51fbd121a9722f1276c87abf0906a5566860afd92963e67ee03c417
-
SSDEEP
6144:zLMJoLcA0g0aB+PZO9Bpva8l3O0fGAicHxWBJaY5HlDlhHtpbSnV30pudxMEZJZ:zLMJoLcAvBaY489pfGAicoBoY5FDlhNI
Score3/10 -
-
-
Target
PCICHEK.DLL
-
Size
17KB
-
MD5
8bc70bdd438ba6319924b01b5cc69e9f
-
SHA1
296be384e05ec5b8c92e4253169422417ccfdf17
-
SHA256
25dccc7c576995c3ea5abdbca87e05f7344ae00c686f2ba47c011af7e97c430c
-
SHA512
4049f2895d720d569074d8e2c93de31d6aea9132a11b884b198c7b6a6d69ab9fcad73057a7ae125ba5eb6a07093cf9005def974b7415c46f1c1f53353aeaa619
-
SSDEEP
192:JXANeiOT8k2b633L6RRHcjY5XQqsrb0hSF7j7ZlqUpai/Tvrb0hSqZlqca7bju5O:JXANt+52VOrrIoTvraIcai5O
Score3/10 -
-
-
Target
PCICL32.DLL
-
Size
3.3MB
-
MD5
b0a5d0ab67fef12814b663eb6bd16fb8
-
SHA1
92e0a2cfb4618dd3f9a12b54c0024c0265b789c7
-
SHA256
cb44ad743e0b35d89efdc0ced14573d3bcfb320e8c63581967b1c323e24d30f0
-
SHA512
9edaf0fafe6f504e721d73ed95181029e952be4e7b4c475f007f3e81d8ff87625a767a54de4a3b0ac8c4ebbac78714d4dcee702b5d0ba94a2be5c74f6cc27d32
-
SSDEEP
49152:3WMA61yiaB6FnebgvDYUEuyiN1MpwYSNGrUqZ9AtXFshTIwiaMcMSENo:3KCyipe0/hyiN1MpjWWmtXXrSv
Score3/10 -
-
-
Target
TCCTL32.DLL
-
Size
355KB
-
MD5
85db07eba81939098622ef88d572cd5b
-
SHA1
1af304730f1af2d4b99d20da11022bc8a1021a60
-
SHA256
47162edd0cf12cd37eacc44e4da35734b94f6e5a202be435c5c7a9e51eb0f3ec
-
SHA512
f02603e091f7fc0960cd228b845e5412934f41baaebec611f92718bf16d4f222c176734409f9bf2833ee6d8c26f3e8992eb01f9a5c53cdcbbde28eba2497cd64
-
SSDEEP
6144:FgL3Le4qjZqUAbuDgLNvCFWnS62AIf++H7uxxCuLe9AiD0kqfv6rr:6L3Le4qjQUAbuDUvcWnS6pIf++H7SxCh
Score3/10 -
-
-
Target
msvcr100.dll
-
Size
755KB
-
MD5
0e37fbfa79d349d672456923ec5fbbe3
-
SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
-
SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
-
SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
-
SSDEEP
12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score3/10 -
-
-
Target
pcicapi.dll
-
Size
33KB
-
MD5
adcd0efb2b7fbb0c1b350f63bf6f4928
-
SHA1
43f9f056cb4d9d35f83adf65e57628895ff27634
-
SHA256
f770b67a8d1d73af4022a1edbbbb0885884c82e1cfa3abccb13fd046d2e277a0
-
SHA512
2ace2ad8d1b0316e9252936c3404224144c598d4bea95386184f02dfead562a4eec483208f71e70b6f870a20357eeb3c9eecabab6d107af5380f3bc9ffad9cc1
-
SSDEEP
768:JDxJCw72OkRIStu7EQzsTDLoHin+oIZ0rrNaBi:JDxYK2JtW/zsTDlvIZ0
Score3/10 -
-
-
Target
remcmdstub.exe
-
Size
71KB
-
MD5
c6b00dcc026bc1dbb7bace7859e18414
-
SHA1
bb83b12d3bb6c79d6b4c968de9b6e9f0ebf4beb7
-
SHA256
82a5b0a5f16eb2045e74726cea1af7eda7ce93125f1d2480afeb168587928f55
-
SHA512
5514496a21a07c6d03962df78a3a4ade54e6ffe8b2ebc646c016185251c95f0708bbf737377499acb7b31931e2bfb3b5aa94c34d269e267731bac85a8d2baf43
-
SSDEEP
1536:WfanvXuNOwphKuyUHTqYXHhrXH4xLIygAo4wbioQ+E5sw8LQ+8iAG:ganPSpAFUzt0xLIygDiYQDG
Score3/10 -
-
-
Target
uclient.exe
-
Size
104KB
-
MD5
beaac58fbfb2c65866cdf69cd785a48b
-
SHA1
06c1b477be2d08aac95d9682c8ae75871a816bdc
-
SHA256
860393e31788499f8774be83c65bcf29658cc77bf96ee2f4c86b065aedbf77de
-
SHA512
e2a35ecee75316d9a3dbb2ee49f451980375f0b43ca8db5102858b90e840e5c8b4c45ac5c0ce6593e69fc664d92866b60db609fb64029c3ec7a50dc8fee4ad4e
-
SSDEEP
384:KIXhLZ758V5+6j6Qa86Fkv2Wr120hZB4zSrrIzezaV7raI5acim:ldd8VZl6FhWr80/q2r5zaVvaMacim
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-