General
-
Target
Malware.js
-
Size
4.5MB
-
Sample
241219-acvc8sxqbv
-
MD5
3bb2fb6e24b9e0649a24d050d0019634
-
SHA1
c0a58567765515df4edbd303bc8114669322086f
-
SHA256
2f1fc0157736c88a42ad1847da59844dac4da6be39f89346aa433a65681b8eea
-
SHA512
bc69fcb9574cdde7dbf8b244724dff54089105000ff57ffe0ccbffe0ee6510c0a6014650fa214e4d9836ca72fb6930c7cc82b53947bd2cf943c982831dc532af
-
SSDEEP
49152:psz6FvpOiHY7sz6FvpOiHY97DIzjCxbxqHlpM1MNN0D6hO22DzhYzYBmv9+8pJmR:p0WQ0WW
Static task
static1
Behavioral task
behavioral1
Sample
Malware.js
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
Malware.js
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
Malware.js
-
Size
4.5MB
-
MD5
3bb2fb6e24b9e0649a24d050d0019634
-
SHA1
c0a58567765515df4edbd303bc8114669322086f
-
SHA256
2f1fc0157736c88a42ad1847da59844dac4da6be39f89346aa433a65681b8eea
-
SHA512
bc69fcb9574cdde7dbf8b244724dff54089105000ff57ffe0ccbffe0ee6510c0a6014650fa214e4d9836ca72fb6930c7cc82b53947bd2cf943c982831dc532af
-
SSDEEP
49152:psz6FvpOiHY7sz6FvpOiHY97DIzjCxbxqHlpM1MNN0D6hO22DzhYzYBmv9+8pJmR:p0WQ0WW
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-