General
-
Target
d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
-
Size
15.7MB
-
Sample
250124-r4n4zavnbm
-
MD5
de1fe38365e12674d2bde916bebfbb4f
-
SHA1
8312cfc54411b0d54c9368fd31e07d842766bf99
-
SHA256
d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
-
SHA512
53a21cdc9d09b4083d37dd5343e02b6b20adfd3aa369149e86cfd4338049c38b587d57ff671e7c5f0579a4a5a3c5b2a44359d1a14147aca2f01fb2e82086eb37
-
SSDEEP
393216:VHufn4FF3IJnpIAtXnxAp+/jefhKDjsJVfIbhmmx3x:Vw473gpIAtXnxecjWJVQwux
Malware Config
Targets
-
-
Target
d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
-
Size
15.7MB
-
MD5
de1fe38365e12674d2bde916bebfbb4f
-
SHA1
8312cfc54411b0d54c9368fd31e07d842766bf99
-
SHA256
d6fce7c094994b19d96c9ebcccc07b9fb5efda2e4e1da352d9e0e031f0457c5e
-
SHA512
53a21cdc9d09b4083d37dd5343e02b6b20adfd3aa369149e86cfd4338049c38b587d57ff671e7c5f0579a4a5a3c5b2a44359d1a14147aca2f01fb2e82086eb37
-
SSDEEP
393216:VHufn4FF3IJnpIAtXnxAp+/jefhKDjsJVfIbhmmx3x:Vw473gpIAtXnxecjWJVQwux
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-