Overview

overview

10

Static

static

1

36347ad88c...3c.exe

windows7-x64

10

36347ad88c...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36347ad88c3fd960152b88022381308c68b39dde29a1e2d471148cb01e76bb3c.zip

  • Size

    2.2MB

  • Sample

    230321-r173nsbc82

  • MD5

    72f7a715d5a650b34d9838852db44431

  • SHA1

    cabdf8c4ca7c498e38e99226dfc3cdd05e082363

  • SHA256

    8ff6ffd0e4f01e1687f035835ef0c20b61f1b48f73c90052b385356ab04cfaef

  • SHA512

    5c42c8244345ee421182261558ab42500f8d5bb871e5ebe36f4848975dc759ebdabf8abc4eea5d5aad71c5b3b3d720fa2bdcaab02c8dd55916baf75e95b59915

  • SSDEEP

    49152:8p9k4uJKvxxDlDf4+ynvhno1vUMvDwUzvM05/zuZtA04x4MDlu:aig3DNf4jnpCvdvzrbytPZMDlu

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      36347ad88c3fd960152b88022381308c68b39dde29a1e2d471148cb01e76bb3c.exe

    • Size

      2.5MB

    • MD5

      930dafe31a08adcef3cc066d16d40982

    • SHA1

      134c131779666424cc98fd15e384d174cfcf16e6

    • SHA256

      36347ad88c3fd960152b88022381308c68b39dde29a1e2d471148cb01e76bb3c

    • SHA512

      1d9a6d5219bf7cdf9b61b75b0c1dbcd240685a4c9308f950efc4f7daccf05eaea09baf248668ffd02a6ce6db8a6007d03b1c746b6d84873112ce30586c6887ea

    • SSDEEP

      49152:suJdxkp92TMp2OJSyli/TlV56nNeDyQ41Huw9If8DQtqKPi/IBF:Bd6Ugp2Jx6UyQ41uw9IkDUiu

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks