netsupport | e387e0ba5e2fb9355e78d28a92edff5479c15e327f6e4e97a3cf42c27e00e85f | Triage

Submit
Reports

Overview

overview

Static

static

a6e18bfafb...ab.exe

windows7-x64

a6e18bfafb...ab.exe

windows10-2004-x64

Sharing

General

Target

a6e18bfafb3e216ca77d6f5da1cd50ab.exe
Size

309KB
Sample

220910-mkc55sdfdk
MD5

a6e18bfafb3e216ca77d6f5da1cd50ab
SHA1

585c6092b0036ee0f96032e203c0d764d1f012d5
SHA256

e387e0ba5e2fb9355e78d28a92edff5479c15e327f6e4e97a3cf42c27e00e85f
SHA512

f7d20c8e7aa394a66ce359286d9688d1aa0e5292dceaced469dbc69c347b807d1b102a97d4b8af04ef68ea92efa47bc752cbbe697d88ec26fcb0fd4050d1cb91
SSDEEP

6144:oB1nazUTsjsAvrirn1yD0HrfdDa7MJGy4USuvf9vE1o+gfqoFLPS:oCzUjAvmrnMYHrfdDXG3mf9vE1BuqqL

Score

10^/10

netsupport redline smokeloader 1337 nam5 backdoor infostealer rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a6e18bfafb3e216ca77d6f5da1cd50ab.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a6e18bfafb3e216ca77d6f5da1cd50ab.exe

Resource

win10v2004-20220901-en

netsupport redline smokeloader 1337 nam5 backdoor infostealer rat spyware trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1337

C2

78.153.144.6:2510

Attributes

auth_value
b0447922bcbc2eda83260a9e7a638f45

Extracted

Family

redline

Botnet

nam5

C2

103.89.90.61:34589

Attributes

auth_value
f23be8e9063fe5d0c6fc3ee8e7d565bd

Targets

- Target
  
  a6e18bfafb3e216ca77d6f5da1cd50ab.exe
- Size
  
  309KB
- MD5
  
  a6e18bfafb3e216ca77d6f5da1cd50ab
- SHA1
  
  585c6092b0036ee0f96032e203c0d764d1f012d5
- SHA256
  
  e387e0ba5e2fb9355e78d28a92edff5479c15e327f6e4e97a3cf42c27e00e85f
- SHA512
  
  f7d20c8e7aa394a66ce359286d9688d1aa0e5292dceaced469dbc69c347b807d1b102a97d4b8af04ef68ea92efa47bc752cbbe697d88ec26fcb0fd4050d1cb91
- SSDEEP
  
  6144:oB1nazUTsjsAvrirn1yD0HrfdDa7MJGy4USuvf9vE1o+gfqoFLPS:oCzUjAvmrnMYHrfdDXG3mf9vE1BuqqL
Score

10^/10

smokeloader backdoor trojan netsupport redline 1337 nam5 infostealer rat spyware
- Detects Smokeloader packer
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

netsupportredlinesmokeloader1337nam5backdoorinfostealerratspywaretrojan

© 2018-2025

Terms | Privacy