General
-
Target
JaffaCakes118_389eb6e22bf7c2059ba653ec05ba3d0c3b59e3d242f5de887b96b5df25e0cd58
-
Size
686.0MB
-
Sample
241225-cbvzgstnaz
-
MD5
5116aee8147257fdc3765a96ab4bc78b
-
SHA1
ecc738fdabcf52c68b197e1321604cf041a4b330
-
SHA256
389eb6e22bf7c2059ba653ec05ba3d0c3b59e3d242f5de887b96b5df25e0cd58
-
SHA512
c6dffb8e91903c4ea2f8c547aa1f58ddfb06a198859c2ebb5f0c7f062bf5d3138f7d6d9b6606030a8ac018334d3a206d43bbe34075e885f8dfb44ceb3b1c294c
-
SSDEEP
49152:aGzhmoSjcFNMcbm0dLovfFYvx7WA+0b7Gsr04TSfZeU69PX8hm50gpdnLosp:aG9mVSysLWFmLGR9fAUo0gpdnLosp
Malware Config
Targets
-
-
Target
JaffaCakes118_389eb6e22bf7c2059ba653ec05ba3d0c3b59e3d242f5de887b96b5df25e0cd58
-
Size
686.0MB
-
MD5
5116aee8147257fdc3765a96ab4bc78b
-
SHA1
ecc738fdabcf52c68b197e1321604cf041a4b330
-
SHA256
389eb6e22bf7c2059ba653ec05ba3d0c3b59e3d242f5de887b96b5df25e0cd58
-
SHA512
c6dffb8e91903c4ea2f8c547aa1f58ddfb06a198859c2ebb5f0c7f062bf5d3138f7d6d9b6606030a8ac018334d3a206d43bbe34075e885f8dfb44ceb3b1c294c
-
SSDEEP
49152:aGzhmoSjcFNMcbm0dLovfFYvx7WA+0b7Gsr04TSfZeU69PX8hm50gpdnLosp:aG9mVSysLWFmLGR9fAUo0gpdnLosp
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-