General

  • Target

    a6b33cbfee592d34c4773d04ff1d3a06bc99d192db31bd1074a81ce25bdd049e.exe

  • Size

    2.4MB

  • Sample

    221020-2mjg9shfbq

  • MD5

    1ffc64ec6ed254a5d35e5a00da90eee6

  • SHA1

    a2be37d7aeb1fbbd799281f13712e87a1c754f26

  • SHA256

    a6b33cbfee592d34c4773d04ff1d3a06bc99d192db31bd1074a81ce25bdd049e

  • SHA512

    45fa4b45528f6009b85381507dbce880c107df785413f8de4378e33de9769ccb9651502ddc32f381c3603dedebca0748cabb91d2c94f18ee2cbc25017edfb235

  • SSDEEP

    49152:Tp4MpbDJ+SYCDOWmNTJkLa3unnRawt9Amzn/h1A0Ihh7G2MUVJtYtyj:Tp4OYzWCTJfenRaA9pznUfhhkUVfYtyj

Score
10/10

Targets

    • Target

      a6b33cbfee592d34c4773d04ff1d3a06bc99d192db31bd1074a81ce25bdd049e.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL
