General
-
Target
870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b
-
Size
1.4MB
-
Sample
250120-t61a5aypbw
-
MD5
a8e91905f7f2df4de9d8ae2d6c7b9d6d
-
SHA1
efe950f7d1787107659e915c0ae907af301d730e
-
SHA256
fdd669c104f2384bf12f99ad0ad0fc0a71dfffd310abf59539f4962a40267efb
-
SHA512
a3081218eccff6c67c0891a813443898ff381dbd53465f70d31ff8c1db60c47da4bf9b9a124cc266f9942979f4fd66a393015869fd4af1d39422694392c624e3
-
SSDEEP
24576:CXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmMP:fO16hZeE9RDKOrA2TUUi8OmkjNME9zQj
Static task
static1
Behavioral task
behavioral1
Sample
870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b
-
Size
3.8MB
-
MD5
aef27e82cd86ed5003b277fb319beb27
-
SHA1
52eecb59d4a8a5404f6dc347cd46fbd4ee964995
-
SHA256
870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b
-
SHA512
16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb
-
SSDEEP
49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-