General

  • Target

    signed_gate6.bin

  • Size

    3.8MB

  • Sample

    201029-ahlp2nvr9a

  • MD5

    5b31c8bf67eea804fa636876a1828d20

  • SHA1

    0f9862e659b5cd1233a7796d51e062d217df3c75

  • SHA256

    a61bc88a1a994952b622c7eb01bfa9be65591c8cb5e69c4dae56edbd94deb384

  • SHA512

    bf7175eb313fd1949e36056d478699327a05cbff1d5a0e68c4664df7c202197a25332ba270c8a5300367cf8d4b711d682d535071ce6c11ed125dd78c75f2909b

Malware Config

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Use of msiexec (install) with remote resource

    • Adds Run key to start application

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: 1 (T1060)

  • Defense Evasion

    Modify Registry: 2 (T1112)

Tasks