Overview

overview

10

Static

static

1

Update 3633.js

windows7-x64

8

Update 3633.js

windows10-2004-x64

10

Resubmissions

11-02-2025 19:41

250211-yd22gaykhq 8

11-02-2025 18:32

250211-w6m2xawmap 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Update 3633.js

  • Size

    1.3MB

  • Sample

    250211-w6m2xawmap

  • MD5

    77072f5bc07cfb3ce99655ac33e1174f

  • SHA1

    645ab809d65dc9a57f979a5309a580aa2e5f9e54

  • SHA256

    565db3321218ef2d24120a3b0e3a79ce8b3238b37a89a1d163b01f3be472b15b

  • SHA512

    a26906ae0b5984a2e621312e4881337cf1e434534a8b1318b60a0d9dd4dbe81489a3cb1dd0092a1dcc92223e7d32b1fd2eb07787cb24eb8414d82e029ed2fb62

  • SSDEEP

    12288:wum1wz4FL5dM2f8f3ue1wz4FL5dM2f8fr:OCz4F9dM2f8frCz4F9dM2f8fr

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      Update 3633.js

    • Size

      1.3MB

    • MD5

      77072f5bc07cfb3ce99655ac33e1174f

    • SHA1

      645ab809d65dc9a57f979a5309a580aa2e5f9e54

    • SHA256

      565db3321218ef2d24120a3b0e3a79ce8b3238b37a89a1d163b01f3be472b15b

    • SHA512

      a26906ae0b5984a2e621312e4881337cf1e434534a8b1318b60a0d9dd4dbe81489a3cb1dd0092a1dcc92223e7d32b1fd2eb07787cb24eb8414d82e029ed2fb62

    • SSDEEP

      12288:wum1wz4FL5dM2f8f3ue1wz4FL5dM2f8fr:OCz4F9dM2f8frCz4F9dM2f8fr

    Score
    10/10
    executionnetsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks