signed_gate6.bin

General
Target

signed_gate6.bin

Size

3MB

Sample

201029-ahlp2nvr9a

Score
10 /10
MD5

5b31c8bf67eea804fa636876a1828d20

SHA1

0f9862e659b5cd1233a7796d51e062d217df3c75

SHA256

a61bc88a1a994952b622c7eb01bfa9be65591c8cb5e69c4dae56edbd94deb384

SHA512

bf7175eb313fd1949e36056d478699327a05cbff1d5a0e68c4664df7c202197a25332ba270c8a5300367cf8d4b711d682d535071ce6c11ed125dd78c75f2909b

Malware Config
Targets
Target

signed_gate6.bin

MD5

5b31c8bf67eea804fa636876a1828d20

Filesize

3MB

Score
10 /10
SHA1

0f9862e659b5cd1233a7796d51e062d217df3c75

SHA256

a61bc88a1a994952b622c7eb01bfa9be65591c8cb5e69c4dae56edbd94deb384

SHA512

bf7175eb313fd1949e36056d478699327a05cbff1d5a0e68c4664df7c202197a25332ba270c8a5300367cf8d4b711d682d535071ce6c11ed125dd78c75f2909b

Tags

Signatures

  • NetSupport

    Description

    NetSupport is a remote access tool sold as a legitimate system administration software.

    Tags

  • Blacklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Use of msiexec (install) with remote resource

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • JavaScript code in executable

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      1/10

                      behavioral1

                      10/10

                      behavioral2

                      10/10