General

  • Target

    1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.zip

  • Size

    1.9MB

  • Sample

    230321-r17rxadd6w

  • MD5

    4b944ac213a7895bfa97c3bfcff5920c

  • SHA1

    70aa791d5dd6f886de792be0892000dbcb01cf0d

  • SHA256

    35774bb1a084ba481f16c1c1a69e2d4fd489dcb4fc85c06b6dff01f11efe6d37

  • SHA512

    8116a61803262749b346b50fc8db4af3f3943f1399f87f14121e816f29cc00b66d80ab6be5163bb843c68508c2831243ffcd0c4fc09197b97e20ff67b0c09680

  • SSDEEP

    49152:gMrV2EOkppKLRKUwzQcfjin4Ma+5PYI6WWV+Ho:gMrVjp8LTwRfWnq+dOW0d

Score
10/10

Malware Config

Targets

    • Target

      1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb.exe

    • Size

      2.1MB

    • MD5

      310eb005787e74125cfd19988396e36e

    • SHA1

      4e59dac1c9873b6218bb55e95f26ac33ef05f140

    • SHA256

      1d3205c80e2291cd3a290a06cb42d5ff80f3b2e4a25c6efe2eddc509b0675dfb

    • SHA512

      1fb5e1781b3835b2ebd19d671c12433881d0ab6116983a169317456a47b02ddae74c87c3268729e59da26fff87406e60b2ccde0c27363c97c8132ecaa0eabbbd

    • SSDEEP

      49152:ETHPKCtf0EkHbG+c6cjeroadWogH6wW5eLkDwC6Gtu:ETiCtfsc2rECe+7u

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry | 1 | T1012

  • System Information Discovery | 2 | T1082

Tasks