General

  • Target

    30414c0e368243ace07a4500aa0888204d2f6c9fc5ad7e33fc07e17f3f1f81d7.js

  • Size

    1.5MB

  • Sample

    250125-cvfc5ssker

  • MD5

    7e51b0bd2627a787d2f0abd68fce2724

  • SHA1

    49746e58935246f83f73aa19477fb2290f73a17e

  • SHA256

    30414c0e368243ace07a4500aa0888204d2f6c9fc5ad7e33fc07e17f3f1f81d7

  • SHA512

    49aa93852b609cf5241bbcc74526bdd6a0da049b78480cb7158098fbbe6eb6006a6121ae123ed7c2e01aeb7d487db56e7d123d611c88c7f7756327516c7434f3

  • SSDEEP

    24576:Nsz6FvpOiHoN7sz6FvpOiHoNvYjiWlmW3hwgGL:Nsz6FvpOiHY7sz6FvpOiHYvW3hwgo

Targets

    • Target

      30414c0e368243ace07a4500aa0888204d2f6c9fc5ad7e33fc07e17f3f1f81d7.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
