netsupport | c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80 | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
Size

3.2MB
Sample

221213-2qhp5sbd5t
MD5

c3e6ed24af33b5ea3f971939749cb6a1
SHA1

b0f6eb6d427ca251790dc74d2f82d6943d0376a0
SHA256

c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
SHA512

79eff14ee676eb2f3d0f6274ed246177a2015c6beff2b6924bf48914ef022b83ccaa8cc0804da77d714615aed7aeb869ae3b35b21cc76f73ed4e7cb3df7d5a54
SSDEEP

98304:kr9uY//nZ+dvt9bOqDzKHVBEu4SsJnFQyluV3knhfq6pO:o9//Z+dv/OM21CrSrVYq6pO

Score

10^/10

netsupport redline 2 infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80.exe

Resource

win7-20221111-en

netsupport redline 2 infostealer rat

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80.exe

Resource

win10-20220901-en

netsupport redline 2 infostealer rat

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

2

C2

94.158.244.106:42091

Attributes

auth_value
97b1012a1f2da1b5d673765c85a9d94c

Targets

- Target
  
  c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
- Size
  
  3.2MB
- MD5
  
  c3e6ed24af33b5ea3f971939749cb6a1
- SHA1
  
  b0f6eb6d427ca251790dc74d2f82d6943d0376a0
- SHA256
  
  c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
- SHA512
  
  79eff14ee676eb2f3d0f6274ed246177a2015c6beff2b6924bf48914ef022b83ccaa8cc0804da77d714615aed7aeb869ae3b35b21cc76f73ed4e7cb3df7d5a54
- SSDEEP
  
  98304:kr9uY//nZ+dvt9bOqDzKHVBEu4SsJnFQyluV3knhfq6pO:o9//Z+dv/OM21CrSrVYq6pO
Score

10^/10

netsupport redline 2 infostealer rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

netsupportredline2infostealerrat

behavioral2

netsupportredline2infostealerrat

© 2018-2024

Terms | Privacy