General

  • Target

    gz_all.zip

  • Size

    2.1MB

  • Sample

    241126-nja5tsvqdq

  • MD5

    ba609f469d8a96d5b48a22e7c354a927

  • SHA1

    d8ea5d147bdfd1b7635c0ce3cce75c46e356851a

  • SHA256

    9d405c3a3bd95031175b1f36b485a5210fd499155fa0db0403a81f3af928a271

  • SHA512

    cae1ebbd1167e5b643f016a42b7fac19d8a459a400d2c81bef84722f0463a2b65607644d4561cbd00b5b4cac09b7f74f6c38e999d9bee198529684dae7c8fc0b

  • SSDEEP

    49152:v33eTbkejUXHl6VKUD7iPYB8Yp67n5dY+ceAymZT6N/Pjx:v33SBMl6v+PYdpQ5dzaya6NN

Malware Config

Targets

    • Target

      AudioCapture.dll

    • Size

      90KB

    • MD5

      192dcc30c09f0cb973997aebdb2efcfc

    • SHA1

      3fa0efddd92dc65ea3ad8ede4af35c89cbe393c5

    • SHA256

      dd305100644d07d73d3391456a7a90d838f12be560b9a04ef6b393d603d7d877

    • SHA512

      3f47aceb63cfde1668ea25b1d48a108b4a54923dc3fa8f7afed1cca15ec980dbe780273a39c22fd6c1e104b429c93633009c425f6cc0ef09b5cde17fba08ecc6

    • SSDEEP

      768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2+vHxRpPfPtJNvbq:ZrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnq

    Score
    3/10
    • Target

      HTCTL32.DLL

    • Size

      315KB

    • MD5

      c0707cae9904c2022fd1fbaa94bbbba2

    • SHA1

      8b2116f82abbe4f69c4522f7099ddeacbe18884c

    • SHA256

      e2daacb11dde2ef717394e9192760fde16b24276fc054357a647b0265b177186

    • SHA512

      c88416cb59a6bbaf734d310a4441421756fdb2ed489d67c92faa5df7004f18b8cc867660c51fbd121a9722f1276c87abf0906a5566860afd92963e67ee03c417

    • SSDEEP

      6144:zLMJoLcA0g0aB+PZO9Bpva8l3O0fGAicHxWBJaY5HlDlhHtpbSnV30pudxMEZJZ:zLMJoLcAvBaY489pfGAicoBoY5FDlhNI

    Score
    3/10
    • Target

      PCICHEK.DLL

    • Size

      17KB

    • MD5

      8bc70bdd438ba6319924b01b5cc69e9f

    • SHA1

      296be384e05ec5b8c92e4253169422417ccfdf17

    • SHA256

      25dccc7c576995c3ea5abdbca87e05f7344ae00c686f2ba47c011af7e97c430c

    • SHA512

      4049f2895d720d569074d8e2c93de31d6aea9132a11b884b198c7b6a6d69ab9fcad73057a7ae125ba5eb6a07093cf9005def974b7415c46f1c1f53353aeaa619

    • SSDEEP

      192:JXANeiOT8k2b633L6RRHcjY5XQqsrb0hSF7j7ZlqUpai/Tvrb0hSqZlqca7bju5O:JXANt+52VOrrIoTvraIcai5O

    Score
    3/10
    • Target

      PCICL32.DLL

    • Size

      3.3MB

    • MD5

      b0a5d0ab67fef12814b663eb6bd16fb8

    • SHA1

      92e0a2cfb4618dd3f9a12b54c0024c0265b789c7

    • SHA256

      cb44ad743e0b35d89efdc0ced14573d3bcfb320e8c63581967b1c323e24d30f0

    • SHA512

      9edaf0fafe6f504e721d73ed95181029e952be4e7b4c475f007f3e81d8ff87625a767a54de4a3b0ac8c4ebbac78714d4dcee702b5d0ba94a2be5c74f6cc27d32

    • SSDEEP

      49152:3WMA61yiaB6FnebgvDYUEuyiN1MpwYSNGrUqZ9AtXFshTIwiaMcMSENo:3KCyipe0/hyiN1MpjWWmtXXrSv

    Score
    3/10
    • Target

      TCCTL32.DLL

    • Size

      355KB

    • MD5

      85db07eba81939098622ef88d572cd5b

    • SHA1

      1af304730f1af2d4b99d20da11022bc8a1021a60

    • SHA256

      47162edd0cf12cd37eacc44e4da35734b94f6e5a202be435c5c7a9e51eb0f3ec

    • SHA512

      f02603e091f7fc0960cd228b845e5412934f41baaebec611f92718bf16d4f222c176734409f9bf2833ee6d8c26f3e8992eb01f9a5c53cdcbbde28eba2497cd64

    • SSDEEP

      6144:FgL3Le4qjZqUAbuDgLNvCFWnS62AIf++H7uxxCuLe9AiD0kqfv6rr:6L3Le4qjQUAbuDUvcWnS6pIf++H7SxCh

    Score
    3/10
    • Target

      msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    • Target

      pcicapi.dll

    • Size

      33KB

    • MD5

      adcd0efb2b7fbb0c1b350f63bf6f4928

    • SHA1

      43f9f056cb4d9d35f83adf65e57628895ff27634

    • SHA256

      f770b67a8d1d73af4022a1edbbbb0885884c82e1cfa3abccb13fd046d2e277a0

    • SHA512

      2ace2ad8d1b0316e9252936c3404224144c598d4bea95386184f02dfead562a4eec483208f71e70b6f870a20357eeb3c9eecabab6d107af5380f3bc9ffad9cc1

    • SSDEEP

      768:JDxJCw72OkRIStu7EQzsTDLoHin+oIZ0rrNaBi:JDxYK2JtW/zsTDlvIZ0

    Score
    3/10
    • Target

      remcmdstub.exe

    • Size

      71KB

    • MD5

      c6b00dcc026bc1dbb7bace7859e18414

    • SHA1

      bb83b12d3bb6c79d6b4c968de9b6e9f0ebf4beb7

    • SHA256

      82a5b0a5f16eb2045e74726cea1af7eda7ce93125f1d2480afeb168587928f55

    • SHA512

      5514496a21a07c6d03962df78a3a4ade54e6ffe8b2ebc646c016185251c95f0708bbf737377499acb7b31931e2bfb3b5aa94c34d269e267731bac85a8d2baf43

    • SSDEEP

      1536:WfanvXuNOwphKuyUHTqYXHhrXH4xLIygAo4wbioQ+E5sw8LQ+8iAG:ganPSpAFUzt0xLIygDiYQDG

    Score
    3/10
    • Target

      uclient.exe

    • Size

      104KB

    • MD5

      beaac58fbfb2c65866cdf69cd785a48b

    • SHA1

      06c1b477be2d08aac95d9682c8ae75871a816bdc

    • SHA256

      860393e31788499f8774be83c65bcf29658cc77bf96ee2f4c86b065aedbf77de

    • SHA512

      e2a35ecee75316d9a3dbb2ee49f451980375f0b43ca8db5102858b90e840e5c8b4c45ac5c0ce6593e69fc664d92866b60db609fb64029c3ec7a50dc8fee4ad4e

    • SSDEEP

      384:KIXhLZ758V5+6j6Qa86Fkv2Wr120hZB4zSrrIzezaV7raI5acim:ldd8VZl6FhWr80/q2r5zaVvaMacim

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Netsupport family

MITRE ATT&CK Enterprise v15

Tasks