Overview

overview

10

Static

static

1

signed_gate6.bin.exe

windows7_x64

10

signed_gate6.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    signed_gate6.bin

  • Size

    3.8MB

  • Sample

    201029-ahlp2nvr9a

  • MD5

    5b31c8bf67eea804fa636876a1828d20

  • SHA1

    0f9862e659b5cd1233a7796d51e062d217df3c75

  • SHA256

    a61bc88a1a994952b622c7eb01bfa9be65591c8cb5e69c4dae56edbd94deb384

  • SHA512

    bf7175eb313fd1949e36056d478699327a05cbff1d5a0e68c4664df7c202197a25332ba270c8a5300367cf8d4b711d682d535071ce6c11ed125dd78c75f2909b

Score
10/10
netsupportpersistencerat

Malware Config

Targets

    • Target

      signed_gate6.bin

    • Size

      3.8MB

    • MD5

      5b31c8bf67eea804fa636876a1828d20

    • SHA1

      0f9862e659b5cd1233a7796d51e062d217df3c75

    • SHA256

      a61bc88a1a994952b622c7eb01bfa9be65591c8cb5e69c4dae56edbd94deb384

    • SHA512

      bf7175eb313fd1949e36056d478699327a05cbff1d5a0e68c4664df7c202197a25332ba270c8a5300367cf8d4b711d682d535071ce6c11ed125dd78c75f2909b

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Use of msiexec (install) with remote resource

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks