netsupport | c6917fdef434526178ff8007cbf4545c96db6a41987cb2c74590778e37716bff | Triage

Sharing

General

Target

c6917fdef434526178ff8007cbf4545c96db6a41987cb2c74590778e37716bff
Size

412.4MB
Sample

221029-erfwlsage2
MD5

d70c7c364098ca54e7582e3f27d989ce
SHA1

e8735b1382cb6f8880a09716dfd79262735b8b69
SHA256

c6917fdef434526178ff8007cbf4545c96db6a41987cb2c74590778e37716bff
SHA512

8b34d9b1a3cc9cd06dcdc2120d8c960a2ad209c5eaf5772b371eb35588342854ea344eff222680c2ad570be15419fda27943b9bad8c22092b30ea80c4156f648
SSDEEP

98304:qDsqmfeoT5qEM+1+LofOz7VNBLghT2tNcTWTQbictE:X5GoVasEofyrRsEEWTQ3tE

Score

10^/10

netsupport persistence rat

Malware Config

Targets

- Target
  
  c6917fdef434526178ff8007cbf4545c96db6a41987cb2c74590778e37716bff
- Size
  
  412.4MB
- MD5
  
  d70c7c364098ca54e7582e3f27d989ce
- SHA1
  
  e8735b1382cb6f8880a09716dfd79262735b8b69
- SHA256
  
  c6917fdef434526178ff8007cbf4545c96db6a41987cb2c74590778e37716bff
- SHA512
  
  8b34d9b1a3cc9cd06dcdc2120d8c960a2ad209c5eaf5772b371eb35588342854ea344eff222680c2ad570be15419fda27943b9bad8c22092b30ea80c4156f648
- SSDEEP
  
  98304:qDsqmfeoT5qEM+1+LofOz7VNBLghT2tNcTWTQbictE:X5GoVasEofyrRsEEWTQ3tE
Score

10^/10

persistence netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat