General
-
Target
bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa
-
Size
10.7MB
-
Sample
250124-r2jfpssrhz
-
MD5
0d2d09faa2a3f1295af9d2265668477e
-
SHA1
fb1fbea8003f73eeb8bd4d4a9c4765443c1a5b76
-
SHA256
bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa
-
SHA512
57634682621f1e5aa64efae101f074ef46a7d91b512a2c3aa2dfd24a8215c9a06c0410a750744776cf1f06b0b8c538a56bcbd10d01e3ad80e0b899c6e3172aa4
-
SSDEEP
196608:fyF7yF26K4sXO1/pmANI2C2Uh4KghEUUufMLoWaOJ6wfWUi7OOe8V2rYMTYtL4:fyskAplXUVghyufsJPfWLOOe8grIR4
Static task
static1
Behavioral task
behavioral1
Sample
bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa.appx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa.appx
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
bc5c7fc357244b8cdb1d79c545c4ac5d20ba770d028dd4bc66a00dd4ba2679fa
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-